General

  • Target

    c26ba07654897acae88d97f22f629ad2926a62828749a8ea3af86d3f80fc1a86

  • Size

    4.1MB

  • Sample

    220916-epd91aefb5

  • MD5

    482ffad847ffb10500a5343f12b1bad3

  • SHA1

    029749d6e0ad70f93c84f42a37c3a39169bab430

  • SHA256

    c26ba07654897acae88d97f22f629ad2926a62828749a8ea3af86d3f80fc1a86

  • SHA512

    de8a3e299d7d413d96cd69999a6bd3318854be142370c6f611f27e43497730c8a224c86dd0f18e5ce400062c55845ac8c439ec7f1be6d9406a1437df60dc3db7

  • SSDEEP

    49152:L5Yim6tSR5O+LMEfTFjudw5bzFSua7/4Un5m77VqtkbBsTajfEjIb+yCsDFEpYrU:L52FhoQRjlRzgH0yukX6fJDCK5X2Im

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Modify Existing Service (T1031): 1

    Registry Run Keys / Startup Folder (T1060): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

Tasks