Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

0962dcc8cad0a2894b03d1b849dcc9c9d8af6083b98bf0b251359e9badb4d7c0
Size

3MB
Sample

220520-fctplaaeb5
MD5

3af108fa26fea49f1ef46e944c4d05e3
SHA1

07e67087dbf24237ccfca30e6c9a03a015104fb8
SHA256

0962dcc8cad0a2894b03d1b849dcc9c9d8af6083b98bf0b251359e9badb4d7c0
SHA512

dedd9e8da6c26758df1d4332ea405fb52084744157cd8ec76be7fd443dbc5d1f4a9a8fac1471f8e1496a2e9f28be0eff49ba4155a2956400152a7bbce3935ab9

Score

10^/10

Malware Config

Targets

- Target
  
  0962dcc8cad0a2894b03d1b849dcc9c9d8af6083b98bf0b251359e9badb4d7c0
- Size
  
  3MB
- MD5
  
  3af108fa26fea49f1ef46e944c4d05e3
- SHA1
  
  07e67087dbf24237ccfca30e6c9a03a015104fb8
- SHA256
  
  0962dcc8cad0a2894b03d1b849dcc9c9d8af6083b98bf0b251359e9badb4d7c0
- SHA512
  
  dedd9e8da6c26758df1d4332ea405fb52084744157cd8ec76be7fd443dbc5d1f4a9a8fac1471f8e1496a2e9f28be0eff49ba4155a2956400152a7bbce3935ab9
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Modifies boot configuration data using bcdedit
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Install Root Certificate

T1130

Discovery

Query Registry

T1012

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Modify Existing Service

T1031

Scheduled Task

T1053

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Tasks

Sharing

General

Malware Config

Targets

Glupteba

Glupteba Payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Windows security bypass

Executes dropped EXE

Modifies Windows Firewall

Loads dropped DLL

Windows security modification

Adds Run key to start application

Checks installed software on the system

Modifies boot configuration data using bcdedit

Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2