General

  • Target

    1eea010b0fe307b15a59dfa032edab0465d2b278cd91b9967e0a0a027d94caed

  • Size

    4.0MB

  • Sample

    221002-1j3ajabhb2

  • MD5

    49cb55e27f0b197828be3f83d0bbcc23

  • SHA1

    a30c5d3644a915394e27264963684075bc5448ee

  • SHA256

    1eea010b0fe307b15a59dfa032edab0465d2b278cd91b9967e0a0a027d94caed

  • SHA512

    2a7cc04eb3a54e6da841beac804ece6b9f098af1471d2ab47e26ba730687166189e9c912c17163635b574ef5c991acec57d6f862cf9d79e623a9aa4cdcdd273a

  • SSDEEP

    98304:qekPZYw9loiJvsIb4YNHu/EMsmdh8erUC1:n0X9OiJEuppV/mdhFU6

Malware Config

Targets

    • Target

      1eea010b0fe307b15a59dfa032edab0465d2b278cd91b9967e0a0a027d94caed

    • Size

      4.0MB

    • MD5

      49cb55e27f0b197828be3f83d0bbcc23

    • SHA1

      a30c5d3644a915394e27264963684075bc5448ee

    • SHA256

      1eea010b0fe307b15a59dfa032edab0465d2b278cd91b9967e0a0a027d94caed

    • SHA512

      2a7cc04eb3a54e6da841beac804ece6b9f098af1471d2ab47e26ba730687166189e9c912c17163635b574ef5c991acec57d6f862cf9d79e623a9aa4cdcdd273a

    • SSDEEP

      98304:qekPZYw9loiJvsIb4YNHu/EMsmdh8erUC1:n0X9OiJEuppV/mdhFU6

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks