General
-
Target
6af2fccb34fa2671362f61a83863bd432395a56a794be4aeba182e07fd32c011
-
Size
4.1MB
-
Sample
240327-grttkshb6t
-
MD5
be4ada03c4f584bb3b6137c9cf83759a
-
SHA1
488f15239c84975602db9fa9c0b115ff3431045e
-
SHA256
6af2fccb34fa2671362f61a83863bd432395a56a794be4aeba182e07fd32c011
-
SHA512
ad5f477cd54530ed20a75671306a87080a8283796c72d6dbc2ddb94e5b5ca472253e7c79f1497c54afa905deced038fc264e28f0cb70d029b3aeec6683856723
-
SSDEEP
98304:Fi3FoZ44thcjlr7fgbwLUVjn0rIORDIw1LnV4sT:c3y44bcjibdVjn0saEOLVzT
Static task
static1
Behavioral task
behavioral1
Sample
6af2fccb34fa2671362f61a83863bd432395a56a794be4aeba182e07fd32c011.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1