8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b

General
Target

8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b

Size

3MB

Sample

220520-ez2s2sceep

Score
10 /10
MD5

5635e26c47223e47e3a87856d2e004b5

SHA1

4bcb817e4479f2c78c068c6163bf2ea70283be96

SHA256

8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b

SHA512

fbd79a001807a2853c753219d2ac33f1e86c73cff2ad88e9320b6b4d03a40252d3db327b6a94e3e09102677f01a94d0b6fd32e3182ed0ec15d85e9398f3b8e4e

Malware Config
Targets
Target

8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b

MD5

5635e26c47223e47e3a87856d2e004b5

Filesize

3MB

Score
10/10
SHA1

4bcb817e4479f2c78c068c6163bf2ea70283be96

SHA256

8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b

SHA512

fbd79a001807a2853c753219d2ac33f1e86c73cff2ad88e9320b6b4d03a40252d3db327b6a94e3e09102677f01a94d0b6fd32e3182ed0ec15d85e9398f3b8e4e

Tags

Signatures

  • Glupteba

    Description

    Glupteba is a modular loader written in Golang with various components.

    Tags

  • Glupteba Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Windows security bypass

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Loads dropped DLL

  • Windows security modification

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Modifies boot configuration data using bcdedit

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation