General

Target: 025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c
Size: 3MB
Sample: 220524-dsdbfadgd7
Score: 10/10
MD5: e2bcfb552fd8fdb88da751306f4bea2a
SHA1: b99331f2858f7ee67ea907419c0769fe2279b672
SHA256: 025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c
SHA512: 31746515c1278da7a61e6d3a189eb42415265d6d5b364773bd3abd6284d5d7782792c1a357c20e18aca1820db17ea160eec9fa406c2f1019c322de390f262767

Malware Config
Targets
Target: 025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c


Tags

Signatures

  • Glupteba

    Description: Glupteba is a modular loader written in Golang with various components.

  • Glupteba Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Windows security bypass

    TTPs: Disabling Security Tools, Modify Registry

  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs: Modify Existing Service

  • Loads dropped DLL

  • Windows security modification

    TTPs: Disabling Security Tools, Modify Registry

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder, Modify Registry

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

  • static1: Score N/A
  • behavioral2: Score 10/10