General

Target: 0be1ac661b05603a69ef1fa42333798ecd998522b688a3cc9867cfd04c02506a
Size: 3MB
Sample: 220524-azbjmsdfgp
Score: 10/10
MD5: 1436af0a5fb6bff43ffae58b7e4e3006
SHA1: 119e334c5115fe195d4546625177fd25940abf91
SHA256: 0be1ac661b05603a69ef1fa42333798ecd998522b688a3cc9867cfd04c02506a
SHA512: e2bf820f38284bc6284a41754ed7c6f6868cffb788b26fb2ad635a1e7deb82ffec5d8016289cefc77549c4cfbbaafe590ca84016363c2fdf2617071638f7c2b7

Signatures

  • Glupteba

    Description: Glupteba is a modular loader written in Golang with various components.

  • Glupteba Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Modifies Windows Firewall

    TTPs: Modify Existing Service

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1: Score N/A
behavioral1: Score 8/10
behavioral2: Score 10/10