General
-
Target
6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b
-
Size
4.1MB
-
Sample
240519-cbvnqacd8y
-
MD5
a9ff8e69692def51525760f51284539a
-
SHA1
dcb401e525396487ee3f19c4892c8e75f10da42f
-
SHA256
6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b
-
SHA512
be71258a9d21904eaaa9d4b9363547cdf16977283f13b97c19b562a811fe415abd2f263ce569c02b0e47f6917b29fe16004e1666a2df27a23423cf3d2ab0e1a4
-
SSDEEP
98304:8rbgSYZm0VZ47d2LjXdY+WeqK35WW/TEhU3Gu22L:8rcnZFqd2LRPP3hYhQZL
Static task
static1
Behavioral task
behavioral1
Sample
6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Glupteba payload
-
Blocklisted process makes network request
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1