General

  • Target

    1494cf99a6f21a722ad1329cc2979e8d7f72427296eff4d03378ac64c511394f

  • Size

    4.1MB

  • Sample

    220915-241g4saaem

  • MD5

    b9ded4caeaac4b9a025765ea6179ab41

  • SHA1

    892d36671c51b9e51f8163fef516152eaaab93fd

  • SHA256

    1494cf99a6f21a722ad1329cc2979e8d7f72427296eff4d03378ac64c511394f

  • SHA512

    3eab86c5162520ffd92995646422c5a9d4d285e6efa20943124ea6565e02f91a300624827ac8cd1bf7f453aef5632711fc42f38c7396391f1e6879828e9d7eb3

  • SSDEEP

    49152:zE+bVx59iskVjtwfDrG6Fq8pvCQSaWb4HUfZbBxRuoeRVgVddE9/6OoMK8nRKwcV:zEdskXYT48XWrl6g2/6OoW4Pnbr1

Malware Config

Targets

    • Target

      1494cf99a6f21a722ad1329cc2979e8d7f72427296eff4d03378ac64c511394f

    • Size

      4.1MB

    • MD5

      b9ded4caeaac4b9a025765ea6179ab41

    • SHA1

      892d36671c51b9e51f8163fef516152eaaab93fd

    • SHA256

      1494cf99a6f21a722ad1329cc2979e8d7f72427296eff4d03378ac64c511394f

    • SHA512

      3eab86c5162520ffd92995646422c5a9d4d285e6efa20943124ea6565e02f91a300624827ac8cd1bf7f453aef5632711fc42f38c7396391f1e6879828e9d7eb3

    • SSDEEP

      49152:zE+bVx59iskVjtwfDrG6Fq8pvCQSaWb4HUfZbBxRuoeRVgVddE9/6OoMK8nRKwcV:zEdskXYT48XWrl6g2/6OoW4Pnbr1

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks