General

  • Target

    bde38fac427949aaf6e51b644a5234514f73a31360c3df328a8b6749e6846cb7

  • Size

    3MB

  • Sample

    221001-t8j2xshccp

  • MD5

    76eed1ba08203dd9c1cddb33c6189148

  • SHA1

    9a910fe9383e843791cc85a21f3ac59c4f574046

  • SHA256

    bde38fac427949aaf6e51b644a5234514f73a31360c3df328a8b6749e6846cb7

  • SHA512

    ecfbd9782c6c0b50b6d8c0fef771745ec9f2114d28a6dfca05df2029c4e386e23762193e59167c08695460a2b6c423d9f96908f3d77d9d1ee67b743f02d0ef42

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Windows security bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation