General

  • Target

    472d4739e980b22aa541ab58b89c932efe48fa3c416613b945f712967da10041

  • Size

    4.2MB

  • Sample

    220916-yv79tacdaq

  • MD5

    7113cfb8f8ebf3736c37e1a266993d02

  • SHA1

    c83eea790f2603a7d523fa90952d074ca3bbe9d6

  • SHA256

    472d4739e980b22aa541ab58b89c932efe48fa3c416613b945f712967da10041

  • SHA512

    80805fd2142fcd20326e3dbd4935e71bc1ea9f695f7eeb0fd9892373b760b9acc8ddf1ccd7159504ec9c23f618ba0934f2db2dafe9988e2fa0999e97730f8738

  • SSDEEP

    98304:LC8JS2mOVXPa7KrzgFyyiaPqS3oOBHzycMjTZLBGkdwCdWM4:mgS2mOVGKfMPiaP5LzcFGCa

Malware Config

Targets

    • Target

      472d4739e980b22aa541ab58b89c932efe48fa3c416613b945f712967da10041

    • Size

      4.2MB

    • MD5

      7113cfb8f8ebf3736c37e1a266993d02

    • SHA1

      c83eea790f2603a7d523fa90952d074ca3bbe9d6

    • SHA256

      472d4739e980b22aa541ab58b89c932efe48fa3c416613b945f712967da10041

    • SHA512

      80805fd2142fcd20326e3dbd4935e71bc1ea9f695f7eeb0fd9892373b760b9acc8ddf1ccd7159504ec9c23f618ba0934f2db2dafe9988e2fa0999e97730f8738

    • SSDEEP

      98304:LC8JS2mOVXPa7KrzgFyyiaPqS3oOBHzycMjTZLBGkdwCdWM4:mgS2mOVGKfMPiaP5LzcFGCa

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks