General

Target: 0640ebcd10c12c2d4704b20200eb474e15007a9fa494f892c40536d950528b6e
Size: 3MB
Sample: 220524-rbkk3sdfd3
Score: 10/10
MD5: da1988969d24b1f187c1fa8885ae91f8
SHA1: 4817097ba08b75653a4b32e7c1a207d8aae437ea
SHA256: 0640ebcd10c12c2d4704b20200eb474e15007a9fa494f892c40536d950528b6e
SHA512: c8fa5bdd0e615ef66ad31e2d84fb6297745621a892b088b9499f49157f39e4cda3a99186ef4b1af628cde3e527642583efd9ae78af987a8c1017ee508589e6e4

Signatures

  • Glupteba
    Description: Glupteba is a modular loader written in Golang with various components.
  • Glupteba Payload
  • Suspicious use of NtCreateUserProcessOtherParentProcess (a child process is created with an explicitly chosen parent rather than the calling process, i.e. parent PID spoofing)
  • Windows security bypass
    TTPs: Disabling Security Tools, Modify Registry
  • Executes dropped EXE
  • Modifies Windows Firewall
    TTPs: Modify Existing Service
  • Loads dropped DLL
  • Windows security modification
    TTPs: Disabling Security Tools, Modify Registry
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder, Modify Registry
  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry
  • Modifies boot configuration data using bcdedit
  • Drops file in System32 directory
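
The following is an added example, not part of the sandbox report and not Glupteba's code: a small Python detection pass that expresses the host-observable signatures above (Run key persistence, Uninstall key enumeration, firewall changes, bcdedit use, file drops into System32) as rules over a list of telemetry events. Field names loosely follow Sysmon (Image, CommandLine, TargetObject, TargetFilename), but the event schema, the sample events and every path and command line in them are constructed here for illustration and are not records from the analysed sample. Rule names and TTP strings are taken from the report; no ATT&CK technique IDs are assigned.

```python
"""Toy detection pass over constructed process/registry/file events.

Added example, not taken from the sandbox report or from the sample.
The event schema and all events below are constructed for illustration.
"""
import ntpath
import re

# Constructed events. Field names loosely follow Sysmon, but the "type"
# values and every path/command line here are invented for this example.
EVENTS = [
    {"type": "ProcessCreate", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\user\AppData\Local\Temp\updater.exe"'},
    {"type": "FileCreate", "Image": r"C:\Users\user\AppData\Local\Temp\updater.exe",
     "TargetFilename": r"C:\Windows\System32\example.dll"},
    {"type": "RegistryQuery", "Image": r"C:\Users\user\AppData\Local\Temp\updater.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp"},
    {"type": "RegistrySet", "Image": r"C:\Users\user\AppData\Local\Temp\updater.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\updater.exe"},
    {"type": "ProcessCreate", "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r"netsh advfirewall set allprofiles state off"},
    {"type": "ProcessCreate", "Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": r"bcdedit.exe /set {current} bootstatuspolicy ignoreallfailures"},
    # Benign registry write: must not trigger any rule.
    {"type": "RegistrySet", "Image": r"C:\Windows\System32\explorer.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "1"},
]

RULES = []  # (signature name from the report, TTP string from the report, predicate)


def signature(name, ttp):
    """Decorator registering a predicate under the report's signature name."""
    def register(pred):
        RULES.append((name, ttp, pred))
        return pred
    return register


def _basename(path):
    return ntpath.basename(path).lower()


RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\", re.IGNORECASE)
FIREWALL_POLICY = re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.IGNORECASE)
SYSTEM32_DIR = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


@signature("Adds Run key to start application", "Registry Run Keys / Startup Folder, Modify Registry")
def run_key_persistence(ev):
    return ev["type"] == "RegistrySet" and bool(RUN_KEY.search(ev.get("TargetObject", "")))


@signature("Checks installed software on the system", "Query Registry")
def uninstall_enumeration(ev):
    # Needs a feed that records registry reads (sandbox / API monitor);
    # Sysmon only logs key create/delete, value set and rename events.
    return ev["type"] == "RegistryQuery" and bool(UNINSTALL_KEY.search(ev.get("TargetObject", "")))


@signature("Modifies Windows Firewall", "Modify Existing Service")
def firewall_modification(ev):
    if ev["type"] == "ProcessCreate":
        cmd = ev.get("CommandLine", "").lower()
        return _basename(ev.get("Image", "")) == "netsh.exe" and "firewall" in cmd
    if ev["type"] == "RegistrySet":
        return bool(FIREWALL_POLICY.search(ev.get("TargetObject", "")))
    return False


@signature("Modifies boot configuration data using bcdedit", None)
def bcdedit_modification(ev):
    return (ev["type"] == "ProcessCreate"
            and _basename(ev.get("Image", "")) == "bcdedit.exe"
            and "/set" in ev.get("CommandLine", "").lower())


@signature("Drops file in System32 directory", None)
def system32_drop(ev):
    return ev["type"] == "FileCreate" and bool(SYSTEM32_DIR.match(ev.get("TargetFilename", "")))


def scan(events):
    """Return {signature name: [indices of matching events]} for every rule that fires."""
    hits = {}
    for idx, ev in enumerate(events):
        for name, _ttp, pred in RULES:
            if pred(ev):
                hits.setdefault(name, []).append(idx)
    return hits


def summarize(events):
    """Sorted (signature, TTP) pairs that fired at least once; TTP is None if the report lists none."""
    fired = scan(events)
    return sorted((name, ttp) for name, ttp, _ in RULES if name in fired)


if __name__ == "__main__":
    for name, ttp in summarize(EVENTS):
        print(f"{name}  [{ttp or 'no TTP listed'}]")
```

Matching is case-insensitive on both paths and command lines, and the image name is compared by basename so a quoted or fully qualified path still matches. Sysmon on its own cannot supply the RegistryQuery event the Uninstall-key rule expects, since it does not log registry reads; that rule only works against a sandbox or API-monitor trace.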

Tasks

static1: Score N/A