SecuriteInfo.com.Generic.mg.b6240ec8985bd080.7969

General
Target

SecuriteInfo.com.Generic.mg.b6240ec8985bd080.7969

Size

3MB

Sample

200827-552yb8gkke

Score

10/10
MD5

b6240ec8985bd080a7193f70801b2810

SHA1

75d579b58ab63268d180c055ba040a4752438d05

SHA256

9808a3875c36c7fc105ebba81213f9c108dbf12d65025752013ea2a2763578d6

SHA512

f9c7191b398927a566d81a329507b4236f6e09ff3a2fe8ed8f954c77bdc02165371aaea8ae26354c8f3a464784721e66f9945cdaeb777041c1c7538f743dbe02

Signatures

  • Glupteba

    Description

    Glupteba is a modular loader written in Golang with various components.

    Tags

  • Glupteba Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Windows security bypass

    Tags

    TTPs

    Disabling Security Tools; Modify Registry

  • Modifies boot configuration data using bcdedit

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service

  • Possible attempt to disable PatchGuard

    Description

    Rootkits can use kernel patching to embed themselves in an operating system.

    Tags

    TTPs

    Command-Line Interface

  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Loads dropped DLL

  • Windows security modification

    Tags

    TTPs

    Disabling Security Tools; Modify Registry

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder; Modify Registry

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

MITRE ATT&CK Matrix

Tactic columns (techniques are listed under each signature's TTPs above):

  • Collection
  • Command and Control
  • Credential Access
  • Discovery
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation