General
-
Target
6b0801f293f48c47ae247d807e8b4369f0e4fdb2a60f7535d3193a38b492a6c9
-
Size
4.1MB
-
Sample
240404-v2v2aadf2z
-
MD5
724c1ea556e8b35de744e16dd95d8073
-
SHA1
0225b7941de3659e23593b705cad5bf347cf1be0
-
SHA256
6b0801f293f48c47ae247d807e8b4369f0e4fdb2a60f7535d3193a38b492a6c9
-
SHA512
0beddb282e11e61fb711ecb3f33d00d56754885124e293949220c883ab21bc51f8ac3153a10dfa7490ff1cdae8184da278f8bc7cb92518c01f9778cbe9fe8b46
-
SSDEEP
98304:LH5J7CzszSbiwn7GrcYbqmT2oxXGbns7pL8WqJWTgf5R:1MU4iw7Yx2bns7pLfTgf/
Static task
static1
Behavioral task
behavioral1
Sample
6b0801f293f48c47ae247d807e8b4369f0e4fdb2a60f7535d3193a38b492a6c9.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
6b0801f293f48c47ae247d807e8b4369f0e4fdb2a60f7535d3193a38b492a6c9
-
Size
4.1MB
-
MD5
724c1ea556e8b35de744e16dd95d8073
-
SHA1
0225b7941de3659e23593b705cad5bf347cf1be0
-
SHA256
6b0801f293f48c47ae247d807e8b4369f0e4fdb2a60f7535d3193a38b492a6c9
-
SHA512
0beddb282e11e61fb711ecb3f33d00d56754885124e293949220c883ab21bc51f8ac3153a10dfa7490ff1cdae8184da278f8bc7cb92518c01f9778cbe9fe8b46
-
SSDEEP
98304:LH5J7CzszSbiwn7GrcYbqmT2oxXGbns7pL8WqJWTgf5R:1MU4iw7Yx2bns7pLfTgf/
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1