General
Target

cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e

Size

3MB

Sample

220524-qxfctacgg7

Score
10/10
MD5

720a612077a422109df3c8945e088308

SHA1

14ae2f30c62b716dc97c58d3dfc7954143f950d7

SHA256

cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e

SHA512

83e6e64774e7d878d6badabc7222861c45fe0651368475211d4a392091874a5d3d40bcc0532b2e7c99e28e48f64a3dd1d5393603574e3d318c9a55099219088b

Malware Config
Targets
Target

cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e

MD5

720a612077a422109df3c8945e088308

Filesize

3MB

Score
10/10
SHA1

14ae2f30c62b716dc97c58d3dfc7954143f950d7

SHA256

cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e

SHA512

83e6e64774e7d878d6badabc7222861c45fe0651368475211d4a392091874a5d3d40bcc0532b2e7c99e28e48f64a3dd1d5393603574e3d318c9a55099219088b

Tags

Signatures

  • Glupteba

    Description

    Glupteba is a modular loader written in Golang with various components.

    Tags

  • Glupteba Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup

    Description

    suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup

    Tags

  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Drops file in System32 directory

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation
                      Tasks

                      static1

                      Score
                      N/A

                      behavioral1

                      Score
                      10/10