51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744

General
Target

51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744

Size

3MB

Sample

220521-b4n6zagaen

Score
10/10
MD5

0d5405d0c31b0b5179c2d1623e7c3ac1

SHA1

bd9135dd36e3ea7ee7e6711db7cbf3c68db65fdc

SHA256

51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744

SHA512

0da93164a3619a52d8f9c82de2d7697cc490e775787bfc22963852fa27edc7b93d0a09d2b154783c175f00a8247f0cbcbd6f69f1bc71b52a7a8a67915192def2


Signatures

  • Glupteba

    Description

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Windows security bypass

    TTPs

    Disabling Security Tools, Modify Registry
  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs

    Modify Existing Service
  • Loads dropped DLL

  • Windows security modification

    TTPs

    Disabling Security Tools, Modify Registry
  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation