General

  • Target

    2fbba9ba60633c11a3daece992e97465a5d376d7b5acec7913f7097af3fd746e

  • Size

    4.1MB

  • Sample

    220916-kyymwsfbf3

  • MD5

    3b0462915fc86df44a01853bf1861d1b

  • SHA1

    4565f2c51ce220da6c81052b91dc3e8f9e28da0f

  • SHA256

    2fbba9ba60633c11a3daece992e97465a5d376d7b5acec7913f7097af3fd746e

  • SHA512

    fbcab039763f4e07059727048579e7649ede4e548028c81eecd7bbc0a953cd34ea0d4b0208211c08ff9f3df16864ab5043ce7fd0b5861879bbfd4f7e3c342b4b

  • SSDEEP

    98304:cO4SBMeeK41rmy6W3hLzjubM1ns7BhD3Iyac5DIfkubNBiHcv8uv7H:L4SWtK416y6AB0dl33FEpBLtT

Malware Config

Targets

    • Target

      2fbba9ba60633c11a3daece992e97465a5d376d7b5acec7913f7097af3fd746e

    • Size

      4.1MB

    • MD5

      3b0462915fc86df44a01853bf1861d1b

    • SHA1

      4565f2c51ce220da6c81052b91dc3e8f9e28da0f

    • SHA256

      2fbba9ba60633c11a3daece992e97465a5d376d7b5acec7913f7097af3fd746e

    • SHA512

      fbcab039763f4e07059727048579e7649ede4e548028c81eecd7bbc0a953cd34ea0d4b0208211c08ff9f3df16864ab5043ce7fd0b5861879bbfd4f7e3c342b4b

    • SSDEEP

      98304:cO4SBMeeK41rmy6W3hLzjubM1ns7BhD3Iyac5DIfkubNBiHcv8uv7H:L4SWtK416y6AB0dl33FEpBLtT

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks