General
Target

654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d

Size

3MB

Sample

220524-rel83shcbq

Score
10/10
MD5

d3b8410f12961fe31e3babc3f3c9cd91

SHA1

fb7af4fba0c0bd68ba59f7656b543737e7069b7a

SHA256

654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d

SHA512

70344439a6585b1f48f7736dcc68621d07cf92f9d663b8578457a2288ab72a2c14dcfa90e657ab38e1ff4d53de01d5380f8f48534384e10273e77015beaec948

Malware Config
Targets
Target

654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d

MD5

d3b8410f12961fe31e3babc3f3c9cd91

Filesize

3MB

Score
10/10
SHA1

fb7af4fba0c0bd68ba59f7656b543737e7069b7a

SHA256

654bb155b156016b8d93c02c6eae5252b495ee123de033fa43faf549f04a5a3d

SHA512

70344439a6585b1f48f7736dcc68621d07cf92f9d663b8578457a2288ab72a2c14dcfa90e657ab38e1ff4d53de01d5380f8f48534384e10273e77015beaec948

Tags

Signatures

  • Glupteba

    Description

    Glupteba is a modular loader written in Golang with various components.

    Tags

  • Glupteba Payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Modifies boot configuration data using bcdedit

  • Drops file in System32 directory

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A

                    behavioral1

                    Score
                    8/10