General

  • Target

    25fee987d64c0dbd60df80893b4d9dd9babedb2a1bccd6b04bf40cb6b56e2cac

  • Size

    3.9MB

  • Sample

    220524-d98tnshhhm

  • MD5

    608cc8eb402f4e905b97fea917041cc4

  • SHA1

    a12b4cbd159ade8f1780e76411379593c3750ba3

  • SHA256

    25fee987d64c0dbd60df80893b4d9dd9babedb2a1bccd6b04bf40cb6b56e2cac

  • SHA512

    4a5d6bcb1b9793956bef668783b4b967ab847c874fb31747fd3d7f67b1fae4e3775afb7d00dd0982699c33163a635db4e4aa979499987f637c81e5c115ba4708

Malware Config

Targets

    • Target

      25fee987d64c0dbd60df80893b4d9dd9babedb2a1bccd6b04bf40cb6b56e2cac

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba Payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process is created with a parent other than the calling process (parent PID spoofing), which defeats parent/child process-tree heuristics.

    • Modifies Windows Firewall

    • Suspicious use of SetThreadContext

      Rewriting a thread's context is a common step of process hollowing and thread hijacking.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                 Hits   ID
  Execution              Scheduled Task            1      T1053
  Persistence            Modify Existing Service   1      T1031
  Persistence            Scheduled Task            1      T1053
  Privilege Escalation   Scheduled Task            1      T1053

  Note: the IDs are ATT&CK v6. In later ATT&CK versions T1031 is deprecated (its content moved under T1543.003, Create or Modify System Process: Windows Service) and Scheduled Task became sub-technique T1053.005.
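The following script is an added illustration, not code from the sandbox report or from the sample: it verifies that a local file matches the hashes in the General section before analysis, and maps Windows event-log records to the behaviours and ATT&CK v6 IDs listed above (scheduled task created, service start type changed, firewall rule added or modified). The event records are constructed for the example; the event IDs 4698, 4946, 4947 and 7040 are the real Windows Security/System log IDs. The user-writable-path check is a heuristic of this example, not a signature from the report.

```python
"""Triage helpers for the behaviours this report flags (added example)."""
import hashlib
import re
from collections import defaultdict

# Hashes from the General section of this report.
REPORT_HASHES = {
    "md5": "608cc8eb402f4e905b97fea917041cc4",
    "sha1": "a12b4cbd159ade8f1780e76411379593c3750ba3",
    "sha256": "25fee987d64c0dbd60df80893b4d9dd9babedb2a1bccd6b04bf40cb6b56e2cac",
    "sha512": "4a5d6bcb1b9793956bef668783b4b967ab847c874fb31747fd3d7f67b1fae4e3"
              "775afb7d00dd0982699c33163a635db4e4aa979499987f637c81e5c115ba4708",
}

# Windows event IDs that correspond to behaviours in this report, keyed to
# the report's own labels (ATT&CK v6 IDs where the matrix gives one).
EVENT_LABELS = {
    4698: "Scheduled Task (T1053)",           # Security: scheduled task created
    7040: "Modify Existing Service (T1031)",  # System: service start type changed
    4946: "Modifies Windows Firewall",        # Security: firewall rule added
    4947: "Modifies Windows Firewall",        # Security: firewall rule modified
}

# Heuristic (this example's, not the report's): persistence actions that run
# from user-writable locations deserve a closer look.
SUSPICIOUS_PATH = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)


def verify_sample(data, expected=REPORT_HASHES):
    """Return {algorithm: bool} so a wrong or truncated download is caught early."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest
            for alg, digest in expected.items()}


def triage(events):
    """Return {report label: [event summary, ...]} for matching event records."""
    hits = defaultdict(list)
    for ev in events:
        label = EVENT_LABELS.get(ev["EventID"])
        if label is None:
            continue
        summary = f"{ev['TimeCreated']} {ev['Computer']}: {ev['Message']}"
        if ev["EventID"] == 4698 and SUSPICIOUS_PATH.search(ev.get("Command", "")):
            summary += " [action runs from user-writable path]"
        hits[label].append(summary)
    return dict(hits)


# Constructed event records (not from the report), flattened the way a
# Get-WinEvent export would look after parsing.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2022-05-24T10:01:02", "Computer": "WS01",
     "Message": "An account was successfully logged on."},
    {"EventID": 4698, "TimeCreated": "2022-05-24T10:02:11", "Computer": "WS01",
     "Message": "A scheduled task was created: \\ExampleTask",
     "Command": "C:\\Users\\alice\\AppData\\Roaming\\example.exe"},
    {"EventID": 4946, "TimeCreated": "2022-05-24T10:02:12", "Computer": "WS01",
     "Message": "A rule was added to the Windows Firewall exception list: ExampleRule"},
    {"EventID": 7040, "TimeCreated": "2022-05-24T10:02:15", "Computer": "WS01",
     "Message": "The start type of the ExampleSvc service was changed from auto start to disabled."},
]

if __name__ == "__main__":
    for label, lines in triage(SAMPLE_EVENTS).items():
        print(label)
        for line in lines:
            print("   ", line)
```

Run `verify_sample(open(path, "rb").read())` against the downloaded file first; every algorithm should report True, otherwise you are not looking at the sample this report describes. `triage` takes any list of flattened event dicts, so it can be pointed at a host's exported Security and System logs to look for the same persistence and firewall changes the sandbox observed.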

Tasks