General
-
Target
76e6ba0131add4cbf881c08373452d63a5ca3e61f4a4f161583709fc9657a7ab
-
Size
4.1MB
-
Sample
240511-nk6ywsea91
-
MD5
c0f11ac7de53abae09153bd3b30564e8
-
SHA1
76795db7c36e2a8e8b865411cb91f64804bf4a50
-
SHA256
76e6ba0131add4cbf881c08373452d63a5ca3e61f4a4f161583709fc9657a7ab
-
SHA512
f331487417b10c5a6580b360b32dd7b0419aafdf8df8e2450dba5133889e8b743c8beca7d9e01d2358876eafa76765fea886574d570f33afcc76f334c1929bf3
-
SSDEEP
98304:taldxVYbeltggr6p7qKtgoJu9O6Qxc6qPeInuZKahKn+3QE:ixq6ggrt/os9O/WxuFhK+AE
Static task
static1
Behavioral task
behavioral1
Sample
76e6ba0131add4cbf881c08373452d63a5ca3e61f4a4f161583709fc9657a7ab.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1