SecuriteInfo.com.Generic.mg.0d039208c1658b3f.16741

General
Target

SecuriteInfo.com.Generic.mg.0d039208c1658b3f.16741

Size

3MB

Sample

200725-d96h3a6x3n

Score
10 /10
MD5

0d039208c1658b3fc0c7bd9679a1744d

SHA1

adf1b4f1c00301f325036086a882bdb145002588

SHA256

aae91b20323629b5d0c4a1ed5ad5cf5383730f5233433eba7b450eafec503501

SHA512

3e97398f5db4c4549dac9d375e07d4acfc236e477c005d37870b5094d37c27878ab53ad8fadae98fd6f5f3cfc587f0387a2b47a6678234eda3a926797ee23496

Malware Config
Targets
Target

SecuriteInfo.com.Generic.mg.0d039208c1658b3f.16741

MD5

0d039208c1658b3fc0c7bd9679a1744d

Filesize

3MB

Score
10 /10
SHA1

adf1b4f1c00301f325036086a882bdb145002588

SHA256

aae91b20323629b5d0c4a1ed5ad5cf5383730f5233433eba7b450eafec503501

SHA512

3e97398f5db4c4549dac9d375e07d4acfc236e477c005d37870b5094d37c27878ab53ad8fadae98fd6f5f3cfc587f0387a2b47a6678234eda3a926797ee23496

Tags

Signatures

  • Glupteba

    Description

    Glupteba is a modular loader written in Golang with various components.

    Tags

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Windows security bypass

    Tags

    TTPs

    Disabling Security Tools Modify Registry
  • Modifies boot configuration data using bcdedit

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Possible attempt to disable PatchGuard

    Description

    Rootkits can use kernel patching to embed themselves in an operating system.

    Tags

    TTPs

    Command-Line Interface
  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Loads dropped DLL

  • Windows security modification

    Tags

    TTPs

    Disabling Security Tools Modify Registry
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Discovery
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Privilege Escalation