Overview

overview

10

Static

static

0be1ac661b...6a.exe

windows7_x64

8

0be1ac661b...6a.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0be1ac661b05603a69ef1fa42333798ecd998522b688a3cc9867cfd04c02506a

  • Size

    3.7MB

  • Sample

    220524-azbjmsdfgp

  • MD5

    1436af0a5fb6bff43ffae58b7e4e3006

  • SHA1

    119e334c5115fe195d4546625177fd25940abf91

  • SHA256

    0be1ac661b05603a69ef1fa42333798ecd998522b688a3cc9867cfd04c02506a

  • SHA512

    e2bf820f38284bc6284a41754ed7c6f6868cffb788b26fb2ad635a1e7deb82ffec5d8016289cefc77549c4cfbbaafe590ca84016363c2fdf2617071638f7c2b7

Score
10/10
gluptebadropperevasionloader

Malware Config

Targets

    • Target

      0be1ac661b05603a69ef1fa42333798ecd998522b688a3cc9867cfd04c02506a

    • Size

      3.7MB

    • MD5

      1436af0a5fb6bff43ffae58b7e4e3006

    • SHA1

      119e334c5115fe195d4546625177fd25940abf91

    • SHA256

      0be1ac661b05603a69ef1fa42333798ecd998522b688a3cc9867cfd04c02506a

    • SHA512

      e2bf820f38284bc6284a41754ed7c6f6868cffb788b26fb2ad635a1e7deb82ffec5d8016289cefc77549c4cfbbaafe590ca84016363c2fdf2617071638f7c2b7

    Score
    10/10
    evasiongluptebadropperloader

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba Payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies Windows Firewall

      evasion

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks