General

  • Target

    351da8a33edf2fd9f66605c0c17d8498da955638675bca5f12d2ca5d7ee72775

  • Size

    3MB

  • Sample

    221001-d11rpsgdel

  • MD5

    c44aa2e88c2e560d05de711690479b2a

  • SHA1

    74f26e923946de016455e3f52c30cf0eacde8711

  • SHA256

    351da8a33edf2fd9f66605c0c17d8498da955638675bca5f12d2ca5d7ee72775

  • SHA512

    3f13578c7b54ee1ee32cb8275037b9d4989e5a4062e83a6c1da5619b301c9dc730a48c3c74b94b4207803b4eb09677dee1669ebd4c991e457dbac9479cda967f

Malware Config

Targets

    • Target

      351da8a33edf2fd9f66605c0c17d8498da955638675bca5f12d2ca5d7ee72775

    • Size

      3MB

    • MD5

      c44aa2e88c2e560d05de711690479b2a

    • SHA1

      74f26e923946de016455e3f52c30cf0eacde8711

    • SHA256

      351da8a33edf2fd9f66605c0c17d8498da955638675bca5f12d2ca5d7ee72775

    • SHA512

      3f13578c7b54ee1ee32cb8275037b9d4989e5a4062e83a6c1da5619b301c9dc730a48c3c74b94b4207803b4eb09677dee1669ebd4c991e457dbac9479cda967f

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Windows security bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation