General
Target

d0ae18cbfb9b9c077d455f08393f329f8294ba7697aaa5569bf339d683ddfb6b

Size

3MB

Sample

220524-q5hsxagehl

Score
10/10
MD5

b298db4db0a03f5503a15988a25cf9cb

SHA1

faecd0b57db3caeaea880b22534b7e5db9a84f19

SHA256

d0ae18cbfb9b9c077d455f08393f329f8294ba7697aaa5569bf339d683ddfb6b

SHA512

e09cece376179c32e13d91e79a3d7c0c714b8e16d301a01f439d5a5dc27a95212a92c95bc7538096e7cda4291bdb4d8484aa34212a58a2ecb7f4622141ae70fe

Malware Config
Targets
Target

d0ae18cbfb9b9c077d455f08393f329f8294ba7697aaa5569bf339d683ddfb6b

MD5

b298db4db0a03f5503a15988a25cf9cb

Filesize

3MB

Score
10/10
SHA1

faecd0b57db3caeaea880b22534b7e5db9a84f19

SHA256

d0ae18cbfb9b9c077d455f08393f329f8294ba7697aaa5569bf339d683ddfb6b

SHA512

e09cece376179c32e13d91e79a3d7c0c714b8e16d301a01f439d5a5dc27a95212a92c95bc7538096e7cda4291bdb4d8484aa34212a58a2ecb7f4622141ae70fe

Tags

Signatures

  • Glupteba

    Description

    Glupteba is a modular loader written in Golang with various components.

    Tags

  • Glupteba Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Windows security bypass

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Loads dropped DLL

  • Windows security modification

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Modifies boot configuration data using bcdedit

  • Drops file in System32 directory

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A