General
-
Target
4faac6c84647615b80688d7911be67bff99b9d0cba29c27275cef23b7ae2d93b
-
Size
4.1MB
-
Sample
240519-cjtfmadb44
-
MD5
6f2311a5bcf2f729847a7e165121c3a2
-
SHA1
065a8eadd68a4e9d0b0d2720eacaa8344021d0c3
-
SHA256
4faac6c84647615b80688d7911be67bff99b9d0cba29c27275cef23b7ae2d93b
-
SHA512
5c2754a235e8c379c7909956b6241fdc159b993118f5cde10bc61ad60468a144ecf0ce0923e2d7eb04082ac35a0ef285ae7dbb700be7c3280321c5e9fb731238
-
SSDEEP
98304:UrbgSYZm0VZ47d2LjXdY+WeqK35WW/TEhU3Gu22X:UrcnZFqd2LRPP3hYhQZX
Static task
static1
Behavioral task
behavioral1
Sample
4faac6c84647615b80688d7911be67bff99b9d0cba29c27275cef23b7ae2d93b.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)