bfd3d410e0062b1a1949e753597b59ab5fd3b64855cf0cf8b215fa98ddd90dc8

General
Target

bfd3d410e0062b1a1949e753597b59ab5fd3b64855cf0cf8b215fa98ddd90dc8

Size

3MB

Sample

220520-hvwb9aaacq

Score
10 /10
MD5

8c3064332c06033b41fa36b82aa425b5

SHA1

331a6343c6fbe5c5e22944f104bd86cb11c80d97

SHA256

bfd3d410e0062b1a1949e753597b59ab5fd3b64855cf0cf8b215fa98ddd90dc8

SHA512

a53755532b237d3bb1ac5f1ad89adec66edae8ca913a1de433fdb46fbe4c7681643d6d9efa8174bed300ac60edf12bda34d36e148e2b543741a0a10ef17d8e01

Malware Config
Targets
Target

bfd3d410e0062b1a1949e753597b59ab5fd3b64855cf0cf8b215fa98ddd90dc8

MD5

8c3064332c06033b41fa36b82aa425b5

Filesize

3MB

Score
10/10
SHA1

331a6343c6fbe5c5e22944f104bd86cb11c80d97

SHA256

bfd3d410e0062b1a1949e753597b59ab5fd3b64855cf0cf8b215fa98ddd90dc8

SHA512

a53755532b237d3bb1ac5f1ad89adec66edae8ca913a1de433fdb46fbe4c7681643d6d9efa8174bed300ac60edf12bda34d36e148e2b543741a0a10ef17d8e01

Tags

Signatures

  • Glupteba

    Description

    Glupteba is a modular loader written in Golang with various components.

    Tags

  • Glupteba Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service
  • Modifies boot configuration data using bcdedit

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks