General

  • Target

    4cbf120cc1632c2c5eeff0e37aca8be9fdeb4e0904691f1834277d2084304111

  • Size

    3MB

  • Sample

    221001-hpvhrsgfbk

  • MD5

    b1a8925b1172bbd79c798902097cde6b

  • SHA1

    46bd2fadeb2bc9398c7c13fa2c81f1c2617a86a6

  • SHA256

    4cbf120cc1632c2c5eeff0e37aca8be9fdeb4e0904691f1834277d2084304111

  • SHA512

    bdb670fb54a76d73779ff5257ba726193aecef9bf6d523b7a7dbc422777f3834f6f5ba3a661b777e9c2d27e11cf904546f3ce4d022a0eebfdb74ad7dda139b6a

Malware Config

Targets

    • Target

      4cbf120cc1632c2c5eeff0e37aca8be9fdeb4e0904691f1834277d2084304111

    • Size

      3MB

    • MD5

      b1a8925b1172bbd79c798902097cde6b

    • SHA1

      46bd2fadeb2bc9398c7c13fa2c81f1c2617a86a6

    • SHA256

      4cbf120cc1632c2c5eeff0e37aca8be9fdeb4e0904691f1834277d2084304111

    • SHA512

      bdb670fb54a76d73779ff5257ba726193aecef9bf6d523b7a7dbc422777f3834f6f5ba3a661b777e9c2d27e11cf904546f3ce4d022a0eebfdb74ad7dda139b6a

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Windows security bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation