General
-
Target
6132e0aaef22ed9bec6af70e0b17e85c656843e484d1adf0fd9f536778083657
-
Size
4.1MB
-
Sample
240509-qgsyzabc71
-
MD5
8b47d251147c4dcd8104e4fc584e4a5f
-
SHA1
0e33836e94b09069c1741786d8653c0cb884e6ef
-
SHA256
6132e0aaef22ed9bec6af70e0b17e85c656843e484d1adf0fd9f536778083657
-
SHA512
ee168313123ef893ef91f56bbcae37350d6ad41073caef23c4f3b6ba2f127fa0194bdbed2f5d724d60fd982c56ef786cf94dfca5243cd134521a60ecf68d5022
-
SSDEEP
98304:MsY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahA2:fQZcza2WcnIxBnXOdJK+3UA2
Static task
static1
Behavioral task
behavioral1
Sample
6132e0aaef22ed9bec6af70e0b17e85c656843e484d1adf0fd9f536778083657.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)