General
-
Target
6f609d75eae5e6fd1d0e14c5c4aed4e0003ede931ddc002038153dabbe80f1ea
-
Size
4.2MB
-
Sample
240420-ggstjaaf8x
-
MD5
83b077307531393e5e6aaf785071ad5d
-
SHA1
f2967b81c058ed4c7856161f514cab2fc0fd1b4b
-
SHA256
6f609d75eae5e6fd1d0e14c5c4aed4e0003ede931ddc002038153dabbe80f1ea
-
SHA512
692e00174f30617a2b7ba84055037d20d548d8fd7089d7804584860dbfdbb74d32613fd4f3b97abcca502e043b8180a1dd77c32f0da4554d28ce98670ab02a72
-
SSDEEP
98304:tLQYZG/dgZ86BiJBiuHE0xNIsAKMiZ9poPnhJgyiGt:tf8gKxTxapLMoPnzgS
Static task
static1
Behavioral task
behavioral1
Sample
6f609d75eae5e6fd1d0e14c5c4aed4e0003ede931ddc002038153dabbe80f1ea.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1