General
-
Target
ed6bbd096457ec67d3757c9b23c0fc7cdb2d632db80daf16bc0b3b745813dbc6
-
Size
4.2MB
-
Sample
240420-nw6ghagd71
-
MD5
a674a86f6ff06eb2ebedfd3438646795
-
SHA1
8f5856370cfeb3b9418123ef3654866d80112682
-
SHA256
ed6bbd096457ec67d3757c9b23c0fc7cdb2d632db80daf16bc0b3b745813dbc6
-
SHA512
be33d369f6f6a4c23a5c18168cf78d14402947c9dadc57a2f4f8d1f9611ff913af674648912f945b51f052a053fba571cb3a291fdbf8b4803d9284e089bb692e
-
SSDEEP
98304:KExeyMsyixS5pRc4vIUtzCuveHCg7xBa+u+nRu:KMby0Sruak17xwH
Static task
static1
Behavioral task
behavioral1
Sample
ed6bbd096457ec67d3757c9b23c0fc7cdb2d632db80daf16bc0b3b745813dbc6.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1