General
Target: 2bcc03adccf827efab96c76f8e0495b2df02087ebe3b5c692feffdf6e14921b4
Size: 4.1MB
Sample: 240516-qg66laed4v
MD5: b8ab6b091f1733f255493ec62b99c3ce
SHA1: 4df68bc38b7dde5d1ad7229b7bf5712af9ad6e32
SHA256: 2bcc03adccf827efab96c76f8e0495b2df02087ebe3b5c692feffdf6e14921b4
SHA512: 5932a23a36647ff6574d043eff9d72eae248ff2f491ccb1950e98588a1e3d0b5087c53a36a1e4455d045a58a612e77d423bec2b1200efe9282fbe23c7b17640e
SSDEEP: 98304:0l9GTbLtL99uWlQGfUFGGhNMfnjCzwWu2csDCx3z+t4:ZT3oWlQMUAMlWxj+t4
Static task: static1
Behavioral task: behavioral1
Sample: 2bcc03adccf827efab96c76f8e0495b2df02087ebe3b5c692feffdf6e14921b4.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1