General
-
Target
6ae395f412d2cbd88e1d916e7a425e4a9bf3e26d905079852bbf2d99d6806e5d
-
Size
4.1MB
-
Sample
240509-twvmwsbb6z
-
MD5
7bec04858f00ce82ca846a74bba018ab
-
SHA1
ef0a9607f02ad6abe75237e55d3ffc255bb79201
-
SHA256
6ae395f412d2cbd88e1d916e7a425e4a9bf3e26d905079852bbf2d99d6806e5d
-
SHA512
eedeb18ce2304d73e681608a419bce95d03ce353aa198538ac9a154d26dc4d856f2a09243d0f88a6e1d01b8cab38973edd344fc7cd2a79f4d35fcdd4e40523a5
-
SSDEEP
98304:ygQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9an:dmkkc0oEfvGFgFjKYMWdW
Static task
static1
Behavioral task
behavioral1
Sample
6ae395f412d2cbd88e1d916e7a425e4a9bf3e26d905079852bbf2d99d6806e5d.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)
Scheduled Task/Job (1)