General

  • Target

    723139ee6ff0261c5099898c26fa544391a2c6c5c71499fefa52b243f264e05c

  • Size

    3MB

  • Sample

    221001-ecmqlsgdeq

  • MD5

    fc00558c1e91e2441d101d0e2a898574

  • SHA1

    bc48a798d134860c66900be61630e223ed933470

  • SHA256

    723139ee6ff0261c5099898c26fa544391a2c6c5c71499fefa52b243f264e05c

  • SHA512

    2762b21e3960a8035e0c320e750df0e5bd265e73b898ec495ce83d201983a72a73d3dd8b0d271d8397929b65cadd27d9351e0e71be3ee4cbe0f60b11f8aa843d

Malware Config

Targets

    • Target

      723139ee6ff0261c5099898c26fa544391a2c6c5c71499fefa52b243f264e05c

    • Size

      3MB

    • MD5

      fc00558c1e91e2441d101d0e2a898574

    • SHA1

      bc48a798d134860c66900be61630e223ed933470

    • SHA256

      723139ee6ff0261c5099898c26fa544391a2c6c5c71499fefa52b243f264e05c

    • SHA512

      2762b21e3960a8035e0c320e750df0e5bd265e73b898ec495ce83d201983a72a73d3dd8b0d271d8397929b65cadd27d9351e0e71be3ee4cbe0f60b11f8aa843d

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation