deb4b9b05672e74a6152ac95d299815ce5f15e6953aed784907c54e1addfbe56

General

Target: deb4b9b05672e74a6152ac95d299815ce5f15e6953aed784907c54e1addfbe56
Size: 3MB
Sample: 220521-an8p1adebk
Score: 10/10
MD5: 22e41f02396fedc90ca02608270a7ab9
SHA1: 79548d0a0d9a43fe4f860caf80026f4bf4421af9
SHA256: deb4b9b05672e74a6152ac95d299815ce5f15e6953aed784907c54e1addfbe56
SHA512: 580f799847856bb70b4562428a5d126268f571b26eea4d3167a16c2a9aad33c1a8e4b8fd3baa48d3e72d71c08be96b48830eb617a5f868af83b22d7dcb436a5e

Malware Config

Targets

Target: deb4b9b05672e74a6152ac95d299815ce5f15e6953aed784907c54e1addfbe56
MD5: 22e41f02396fedc90ca02608270a7ab9
Filesize: 3MB
Score: 10/10
SHA1: 79548d0a0d9a43fe4f860caf80026f4bf4421af9
SHA256: deb4b9b05672e74a6152ac95d299815ce5f15e6953aed784907c54e1addfbe56
SHA512: 580f799847856bb70b4562428a5d126268f571b26eea4d3167a16c2a9aad33c1a8e4b8fd3baa48d3e72d71c08be96b48830eb617a5f868af83b22d7dcb436a5e

Signatures

  • Glupteba

    Description

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Windows security bypass

    TTPs

    Disabling Security Tools, Modify Registry

  • suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup

    Description

    suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup

  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs

    Modify Existing Service

  • Loads dropped DLL

  • Windows security modification

    TTPs

    Disabling Security Tools, Modify Registry

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

  • Drops file in System32 directory

Related Tasks

MITRE ATT&CK Matrix

Columns: Collection, Command and Control, Credential Access, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation