General

  • Target

    1eea010b0fe307b15a59dfa032edab0465d2b278cd91b9967e0a0a027d94caed

  • Size

    3MB

  • Sample

    221002-1j3ajabhb2

  • MD5

    49cb55e27f0b197828be3f83d0bbcc23

  • SHA1

    a30c5d3644a915394e27264963684075bc5448ee

  • SHA256

    1eea010b0fe307b15a59dfa032edab0465d2b278cd91b9967e0a0a027d94caed

  • SHA512

    2a7cc04eb3a54e6da841beac804ece6b9f098af1471d2ab47e26ba730687166189e9c912c17163635b574ef5c991acec57d6f862cf9d79e623a9aa4cdcdd273a

Malware Config

Targets

    • Target

      1eea010b0fe307b15a59dfa032edab0465d2b278cd91b9967e0a0a027d94caed

    • Size

      3MB

    • MD5

      49cb55e27f0b197828be3f83d0bbcc23

    • SHA1

      a30c5d3644a915394e27264963684075bc5448ee

    • SHA256

      1eea010b0fe307b15a59dfa032edab0465d2b278cd91b9967e0a0a027d94caed

    • SHA512

      2a7cc04eb3a54e6da841beac804ece6b9f098af1471d2ab47e26ba730687166189e9c912c17163635b574ef5c991acec57d6f862cf9d79e623a9aa4cdcdd273a

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation