General
-
Target
6dacbc01ec6697ed45f887e8b5a6905081c6beaa7ea448585528a4bf01b198cb
-
Size
4.1MB
-
Sample
240515-xw995afg47
-
MD5
4f3ab3c0644fc5d8b028eadaf86465e6
-
SHA1
03ce9f9bb4278e899a53ca5d20294c8da12689e4
-
SHA256
6dacbc01ec6697ed45f887e8b5a6905081c6beaa7ea448585528a4bf01b198cb
-
SHA512
be1c4587aebb990f062f4fee5aea2a8bfe47a683a4708c6a00dc56bee0a1d9e07ed0bb0d567de49e2260147d8d779c71c8fdde6fbdc667d9ec20b05cb30f59dc
-
SSDEEP
98304:fvKhyQu49tHH7DRYDff1lXFitQcJyMhd8Y1H:fv8u49ZH7eDfxu9yMsEH
Static task
static1
Behavioral task
behavioral1
Sample
6dacbc01ec6697ed45f887e8b5a6905081c6beaa7ea448585528a4bf01b198cb.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
6dacbc01ec6697ed45f887e8b5a6905081c6beaa7ea448585528a4bf01b198cb
-
Size
4.1MB
-
MD5
4f3ab3c0644fc5d8b028eadaf86465e6
-
SHA1
03ce9f9bb4278e899a53ca5d20294c8da12689e4
-
SHA256
6dacbc01ec6697ed45f887e8b5a6905081c6beaa7ea448585528a4bf01b198cb
-
SHA512
be1c4587aebb990f062f4fee5aea2a8bfe47a683a4708c6a00dc56bee0a1d9e07ed0bb0d567de49e2260147d8d779c71c8fdde6fbdc667d9ec20b05cb30f59dc
-
SSDEEP
98304:fvKhyQu49tHH7DRYDff1lXFitQcJyMhd8Y1H:fv8u49ZH7eDfxu9yMsEH
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1