General

  • Target

    ad0e76726bbbcab62de0a568b99ca03b7a489300d5e383ab0698f8cee962f02c

  • Size

    4.1MB

  • Sample

    220916-ml33ysbbep

  • MD5

    93e209eaeee1783715414e0996900731

  • SHA1

    0c30f25511a748f165ecae21cb62acd93b28ebe9

  • SHA256

    ad0e76726bbbcab62de0a568b99ca03b7a489300d5e383ab0698f8cee962f02c

  • SHA512

    6d4c2e8709b7ce9f18ed41bf6392c227f6cf768c2f47b55d3081dd3185c972704c02be81be1d8501a953fc3c8f31b928d0fe9fb0a9ef881d73093de573ebddc9

  • SSDEEP

    98304:/xOwhBGxqV7zgiHL7o37dvQkWYP963w8zR431mudFxNMnfxO2M:MiBGEFHYt23w89kSOZ

Malware Config

Targets

    • Target

      ad0e76726bbbcab62de0a568b99ca03b7a489300d5e383ab0698f8cee962f02c

    • Size

      4.1MB

    • MD5

      93e209eaeee1783715414e0996900731

    • SHA1

      0c30f25511a748f165ecae21cb62acd93b28ebe9

    • SHA256

      ad0e76726bbbcab62de0a568b99ca03b7a489300d5e383ab0698f8cee962f02c

    • SHA512

      6d4c2e8709b7ce9f18ed41bf6392c227f6cf768c2f47b55d3081dd3185c972704c02be81be1d8501a953fc3c8f31b928d0fe9fb0a9ef881d73093de573ebddc9

    • SSDEEP

      98304:/xOwhBGxqV7zgiHL7o37dvQkWYP963w8zR431mudFxNMnfxO2M:MiBGEFHYt23w89kSOZ

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks