General

  • Target

    ffb90e7e1f65318b6258c545826be7adf0de205b72017b374c6f146b0e5167b6

  • Size

    4.1MB

  • Sample

    220915-p84n4sdbe3

  • MD5

    a8da81df0c849318a012eebefd9337b2

  • SHA1

    ed505931bb3e792aca59fc495a22955d11389a90

  • SHA256

    ffb90e7e1f65318b6258c545826be7adf0de205b72017b374c6f146b0e5167b6

  • SHA512

    059e15aa1ff886b6db2da12fd87ee9776ae9e2037ffe002f63a0ec017159471689a6d6c10b1b602ca77743bff257a3fed4d9aa6ca362c086b309c0f4454ac03e

  • SSDEEP

    98304:Y+NaT9aDxW7wRX7o4Ui4iZuFWkaWunDcGj0quXl1EBHNW:ZtDxqwRX7oZi48eZ8noGj0RvERs

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Modify Existing Service (T1031): 1
    Registry Run Keys / Startup Folder (T1060): 1
    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 1

Tasks