General
-
Target
6d1f4a38b20764f59a1936526c51906f751dd85b6c17e8ff631a42e9906a0765
-
Size
4.2MB
-
Sample
240423-xkh2haah96
-
MD5
1abc77833b80100dd1f9c49271af28de
-
SHA1
711c6729a7093f371043547813bb103d0632d085
-
SHA256
6d1f4a38b20764f59a1936526c51906f751dd85b6c17e8ff631a42e9906a0765
-
SHA512
1bc1478e8a954c32b1b0b52ac529f5932afaa9d136edf124fd75ac6c6d634b267332db716e9ae07c58815ec487f3f8818cfc00ad1c3b1c328b7620d5d56d9a12
-
SSDEEP
98304:6oLXUDNHz93Dv2SDo10StEtQ0zNL2UR2k1/Hx:pUDNB72YVuEe0xC5uHx
Static task
static1
Behavioral task
behavioral1
Sample
6d1f4a38b20764f59a1936526c51906f751dd85b6c17e8ff631a42e9906a0765.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
6d1f4a38b20764f59a1936526c51906f751dd85b6c17e8ff631a42e9906a0765.exe
Resource
win11-20240412-en
Malware Config
Targets
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1