General

  • Target

    9d9a817569790c92fe644e3381befddcf5a5d96487db4384edec158cf3dd7ef4

  • Size

    4.1MB

  • Sample

    220915-19cgssebg8

  • MD5

    c97f27ecde7ed25f3e1e4feb0558b9cd

  • SHA1

    69ec6ad5c621db538824fa59bc7473beea6a35a5

  • SHA256

    9d9a817569790c92fe644e3381befddcf5a5d96487db4384edec158cf3dd7ef4

  • SHA512

    fbd95c29ca3c6c22c8df3c4539595407c44d785e8d67b156417f487364df137fb29f6d10184b308762b227fb1e53a719fcc1d86b83390eea9042d6a35b54c953

  • SSDEEP

    98304:CZNCAYh00pF3r8yNQ2wqVA+gaO2w1vz8YI36iWlZ+YQvVZC:a4A+n3r8yNQ2wCcvwYSwkvVM

Malware Config

Targets

    • Target

      9d9a817569790c92fe644e3381befddcf5a5d96487db4384edec158cf3dd7ef4

    • Size

      4.1MB

    • MD5

      c97f27ecde7ed25f3e1e4feb0558b9cd

    • SHA1

      69ec6ad5c621db538824fa59bc7473beea6a35a5

    • SHA256

      9d9a817569790c92fe644e3381befddcf5a5d96487db4384edec158cf3dd7ef4

    • SHA512

      fbd95c29ca3c6c22c8df3c4539595407c44d785e8d67b156417f487364df137fb29f6d10184b308762b227fb1e53a719fcc1d86b83390eea9042d6a35b54c953

    • SSDEEP

      98304:CZNCAYh00pF3r8yNQ2wqVA+gaO2w1vz8YI36iWlZ+YQvVZC:a4A+n3r8yNQ2wCcvwYSwkvVM

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Windows security bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks