General
-
Target
6422befb38c9c9a355e9da49a294cdd002bf45ef69a024fb8fe9a679376903b8
-
Size
4.1MB
-
Sample
240517-qf3rsaae44
-
MD5
6c1b960ec89a89da626272366c428a56
-
SHA1
8cb43a8b16cc8f2b33ab7107576478bd419f111e
-
SHA256
6422befb38c9c9a355e9da49a294cdd002bf45ef69a024fb8fe9a679376903b8
-
SHA512
045e3c070b726a1f77ebf33c8c49a7921d0f444baac253c531222cf62cb27898e5cb9b9bccf6564676f0b79b53039d7398d3237bda3feb9af51a6754338f7f21
-
SSDEEP
98304:3hzlfCz+ccJ0CpUiRHjJlGcG1klIkRd3fLKEvF:Rz9CiccJ0CpfGcGG1DfLP
Static task
static1
Behavioral task
behavioral1
Sample
6422befb38c9c9a355e9da49a294cdd002bf45ef69a024fb8fe9a679376903b8.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
6422befb38c9c9a355e9da49a294cdd002bf45ef69a024fb8fe9a679376903b8
-
Size
4.1MB
-
MD5
6c1b960ec89a89da626272366c428a56
-
SHA1
8cb43a8b16cc8f2b33ab7107576478bd419f111e
-
SHA256
6422befb38c9c9a355e9da49a294cdd002bf45ef69a024fb8fe9a679376903b8
-
SHA512
045e3c070b726a1f77ebf33c8c49a7921d0f444baac253c531222cf62cb27898e5cb9b9bccf6564676f0b79b53039d7398d3237bda3feb9af51a6754338f7f21
-
SSDEEP
98304:3hzlfCz+ccJ0CpUiRHjJlGcG1klIkRd3fLKEvF:Rz9CiccJ0CpfGcGG1DfLP
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1