General
-
Target
b6647c93ebf5886eff5b71e6c6f139a0b0baabe25eebda06375de6ffaa63ab18
-
Size
4.2MB
-
Sample
240420-nmebnagb2v
-
MD5
743693eb9cbfd7415ba57e886efd1683
-
SHA1
2eb442c4752687b5a8d77f2a2358ed9f81794412
-
SHA256
b6647c93ebf5886eff5b71e6c6f139a0b0baabe25eebda06375de6ffaa63ab18
-
SHA512
72158e1302eebcf995c8e2d70c4c29e8240af83c583eb05bbe73cdda4713267ecfd1426ce6f3ba61877e598ed7cc52d1c61021472c189da1b25871b27d70e1af
-
SSDEEP
98304:yExeyMsyixS5pRc4vIUtzCuveHCg7xBa+u+nR0:yMby0Sruak17xw5
Static task
static1
Behavioral task
behavioral1
Sample
b6647c93ebf5886eff5b71e6c6f139a0b0baabe25eebda06375de6ffaa63ab18.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
b6647c93ebf5886eff5b71e6c6f139a0b0baabe25eebda06375de6ffaa63ab18
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)