General

  • Target

    b9aa35a894523c9e777dee7dc47030ea9e54e462cac1cb771a4d8fc0362a7765

  • Size

    4.2MB

  • Sample

    220917-hf41vadcar

  • MD5

    022dfceded1554b15c5bf3e4b641a9bf

  • SHA1

    aa98962a83bfa24730934cda8bb0dc7facae4b92

  • SHA256

    b9aa35a894523c9e777dee7dc47030ea9e54e462cac1cb771a4d8fc0362a7765

  • SHA512

    60074a8acc67c2e1067513745c04e83988f4ef8230b4d128910e230254c4eae8066ac061c16702bb1197675350f33c425221d7c7371438b98df0ed9b5a756cd4

  • SSDEEP

    98304:CTcRoTe2d49zqT6tDak8XHu5W1h3FXj6hLNczJPDDiE2g/il:tCP49g6Zak8ec1BFTSLNczdDe7gQ

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created through NtCreateUserProcess with a parent other than the calling process, i.e. the parent was set explicitly (parent PID spoofing). This breaks the parent/child chain that process-tree based detection relies on.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk.

    • Modifies Windows Firewall

      Changes the Windows Firewall configuration.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the application is launched at user logon (T1060 in the ATT&CK v6 matrix below).

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
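As an added example (not part of the sandbox report, and not the sandbox's own signature logic), the script below implements the behavioural signatures listed above as rules over a constructed, Sysmon-style event trace: file writes, process creation, registry value sets and registry queries. Every path, PID and command line in SAMPLE_EVENTS is invented for the example; the field names, the netsh/schtasks matching and the Uninstall-key threshold are assumptions about how such a trace would look, not facts from the report.

```python
import re
from collections import defaultdict

# Constructed trace (invented for this example): a loader writes svc.exe, runs it,
# and the child persists, opens the firewall, schedules itself and inventories software.
SAMPLE_EVENTS = [
    {"type": "file_write", "pid": 1234, "path": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"type": "proc_create", "pid": 1234, "child_pid": 1300,
     "image": r"C:\Users\user\AppData\Roaming\svc.exe", "cmdline": "svc.exe"},
    {"type": "reg_set", "pid": 1300,
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc",
     "value": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"type": "proc_create", "pid": 1300, "child_pid": 1301,
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="svc" dir=in action=allow '
                'program="C:\\Users\\user\\AppData\\Roaming\\svc.exe"'},
    {"type": "proc_create", "pid": 1300, "child_pid": 1302,
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": "schtasks /create /tn svc /tr C:\\Users\\user\\AppData\\Roaming\\svc.exe /sc onlogon"},
]
# Five distinct Uninstall subkeys read by pid 1300: a software inventory, not a one-off lookup.
SAMPLE_EVENTS += [
    {"type": "reg_query", "pid": 1300,
     "key": rf"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App{i}\DisplayName"}
    for i in range(5)
]
# Benign noise: a shell process touching a single Uninstall entry and its own settings.
SAMPLE_EVENTS += [
    {"type": "reg_query", "pid": 5000,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App0\DisplayName"},
    {"type": "reg_set", "pid": 5000,
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "value": "1"},
]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)


def detect(events, uninstall_threshold=3):
    """Return {pid: sorted signature names} for every process that trips a rule.

    uninstall_threshold is an assumed cut-off: flag only when a process reads at
    least that many distinct Uninstall subkeys, so a single lookup stays quiet.
    """
    findings = defaultdict(set)
    dropped = set()                    # lower-cased paths written by any monitored process
    uninstall_keys = defaultdict(set)  # pid -> distinct Uninstall subkeys it read

    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "proc_create":
            image = ev["image"].lower()
            cmd = ev.get("cmdline", "").lower()
            if image in dropped:                       # child image was written earlier
                findings[ev["pid"]].add("Executes dropped EXE")
            if image.endswith("\\netsh.exe") and "firewall" in cmd:
                findings[ev["pid"]].add("Modifies Windows Firewall")
            if image.endswith("\\schtasks.exe") and "/create" in cmd:
                findings[ev["pid"]].add("Scheduled Task")
        elif kind == "reg_set":
            if RUN_KEY_RE.search(ev["key"]):           # autostart via Run/RunOnce
                findings[ev["pid"]].add("Adds Run key to start application")
        elif kind == "reg_query":
            m = UNINSTALL_RE.search(ev["key"])
            if m:
                uninstall_keys[ev["pid"]].add(m.group(1).lower())

    for pid, keys in uninstall_keys.items():
        if len(keys) >= uninstall_threshold:
            findings[pid].add("Checks installed software on the system")

    return {pid: sorted(sigs) for pid, sigs in findings.items()}


if __name__ == "__main__":
    for pid, sigs in sorted(detect(SAMPLE_EVENTS).items()):
        print(pid, sigs)
```

The "Executes dropped EXE" rule is stateful: it only fires when the created process's image path was seen in an earlier file_write, so a process that runs an existing system binary does not match. Per-process counting of distinct Uninstall subkeys is what separates inventory behaviour from the single lookup a legitimate installer or shell makes.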

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task, T1053 (1 signature)

  • Persistence

    Modify Existing Service, T1031 (1 signature)
    Registry Run Keys / Startup Folder, T1060 (1 signature)
    Scheduled Task, T1053 (1 signature)

  • Privilege Escalation

    Scheduled Task, T1053 (1 signature)

  • Defense Evasion

    Modify Registry, T1112 (1 signature)

  • Discovery

    Query Registry, T1012 (1 signature)
    System Information Discovery, T1082 (1 signature)

The technique IDs above are ATT&CK v6 identifiers. In current ATT&CK, T1060 is T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), the Windows Scheduled Task behaviour is the T1053.005 sub-technique, and T1031 was deprecated and folded into T1543.003 (Create or Modify System Process: Windows Service); map accordingly before correlating with newer reports.
