General
Target: d6336d8e78363e4454bc05171325227362478b3ca8a00e97e9dbb74db1f8a0b0
Size: 4.2MB
Sample: 240411-e7k59sfe7z
MD5: b7cf5bfd6800b6da4e8a4574f1545ff6
SHA1: a4ad3d7ab7099b8713dff5caef627bd2e67fc73b
SHA256: d6336d8e78363e4454bc05171325227362478b3ca8a00e97e9dbb74db1f8a0b0
SHA512: 18db551f1d921c2c7f80fe7dd2a20bd7c0aebee8f736fe15739fa5487bae7b5cd82dddfb4fec65cd5aaabbd975270c24a0202e21e5f8bb6f8d6453b8cc83b3b6
SSDEEP: 98304:GN82p1RaOBrZprThm2bJPX/vLZtLQqJmAlvHFH02ncDWTfHpY:+MStpnhFVxbz9J5TfH6
Static task: static1
Behavioral task: behavioral1
Sample: d6336d8e78363e4454bc05171325227362478b3ca8a00e97e9dbb74db1f8a0b0.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)