2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579

General

Target: 2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579
Size: 5MB
Sample: 220521-m25lqache8
Score: 10/10
MD5: 27d671e5478cb71030023d80834f713f
SHA1: 00599520f60ced4ad5d5985b6866c16752a30e82
SHA256: 2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579
SHA512: ee0aa0b0e8b111eec375dbb380b71dd9b27b256d8b703f8536059c475abf4c41e895a484c4c7ef780d60247b9cc9c864215040febcaac325371a145109a9f8fd

Malware Config

Targets

Target: 2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579 (MD5, SHA1, SHA256, SHA512, filesize 5MB and score 10/10 are identical to the General section above)

Signatures

  • Glupteba
    Description: Glupteba is a modular loader written in Golang with various components.
  • Glupteba Payload
  • Suspicious use of NtCreateUserProcessOtherParentProcess
  • Windows security bypass
    TTPs: Disabling Security Tools, Modify Registry
  • suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
  • Executes dropped EXE
  • Modifies Windows Firewall
    TTPs: Modify Existing Service
  • Loads dropped DLL
  • Windows security modification
    TTPs: Disabling Security Tools, Modify Registry
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder, Modify Registry
  • Drops file in System32 directory


MITRE ATT&CK Matrix (tactic columns present on the page: Collection, Command and Control, Credential Access, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation)