General
-
Target
6192da64cf731561e8071fb1d26c97a4355270c2b18ec3c117f798c433dc7a8f
-
Size
4.2MB
-
Sample
240427-2bmesaab7z
-
MD5
256bbc21550c4c4590884fa0b9bf90a4
-
SHA1
518af71db5af093779ecd844d8c3ca779dc9d394
-
SHA256
6192da64cf731561e8071fb1d26c97a4355270c2b18ec3c117f798c433dc7a8f
-
SHA512
ba25c4749bdc52eaef9c8d4893029f43e9a2244df901ae383b23dc2b8e665e1a5a419d993b644d6847e0e3ea6b8158b74ab5a5453417f81ece5350747cf2fbf7
-
SSDEEP
98304:famOmyh13YwSD+iffg9rOMOczucEEdNxQlfwo87Elwi0PG19:fTy8Jy4o9ecZxQhwo8IinPG19
Static task
static1
Behavioral task
behavioral1
Sample
6192da64cf731561e8071fb1d26c97a4355270c2b18ec3c117f798c433dc7a8f.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
6192da64cf731561e8071fb1d26c97a4355270c2b18ec3c117f798c433dc7a8f
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
  Windows Service: 1
Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
  Windows Service: 1
Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1