General
-
Target
6d6c4d813d7ba3d071b4a624e9411f843dc12d9e616be6eaed8a979eecf00f97
-
Size
4.2MB
-
Sample
240426-zpqm9aca58
-
MD5
a7b80af636cd3b84ebe8291e10afcffb
-
SHA1
1ba9a8442c501664454c1fc658f7dd2a69c24bae
-
SHA256
6d6c4d813d7ba3d071b4a624e9411f843dc12d9e616be6eaed8a979eecf00f97
-
SHA512
964798b7a4b5ac375f987d17888c3bdd42fe918c50b0d1b6650c5c121533a14cf728a4890d9c5f8d0ceb4c4f5c1cc0369c82613a265a7c8814c4eb175103316d
-
SSDEEP
98304:Nx1RyBW5eh1jvdHfL95CEfIBLRbKwJWZNSsbjNHIt:PfIvBT9wRBLRbbJ6NSsbZH6
Static task
static1
Behavioral task
behavioral1
Sample
6d6c4d813d7ba3d071b4a624e9411f843dc12d9e616be6eaed8a979eecf00f97.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1