General

  • Target

    c5ca34c3a5a95af279616cbb0516b5d09d57415256a17069b926760c38eafec3

  • Size

    3MB

  • Sample

    221002-scm82abfa9

  • MD5

    55a9504df9520eebca55feef5707db77

  • SHA1

    1fc848f35b4f58c570ef4dc5edaf0a262c4c2689

  • SHA256

    c5ca34c3a5a95af279616cbb0516b5d09d57415256a17069b926760c38eafec3

  • SHA512

    005458490d4bd5f60d907d4c8f835ef34bb8338a7b0b0fc65a4f83527b1ce8bd73feab02f3d1395ac03e48383074460f2ecef1009681c69950428490e47af3ee

Targets

    • Target

      c5ca34c3a5a95af279616cbb0516b5d09d57415256a17069b926760c38eafec3

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      Creates a process through NtCreateUserProcess with a parent other than the calling process (parent PID spoofing), so the child's recorded parent is not the sample.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
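
The behaviours in the signature list above are what a host-based detection would look for. As an added example that is not part of this sandbox report or of the sample, the Python below runs simple rules over a constructed, Sysmon-style event stream (event IDs 1 process create, 7 image load, 11 file create, 13 registry value set; all paths, names and SIDs are invented) and flags four of the listed behaviours: executing a dropped EXE, loading a dropped DLL, adding a Run key (T1547.001) and changing the Windows Firewall through netsh (T1562.004).

```python
"""Detection sketch for the Sysmon-observable behaviours in the signature list.

Added example, not part of the sandbox report or of Glupteba itself. The
events below are constructed Sysmon-style records; the paths, file names
and SID are invented for illustration.
"""
import re

# Run/RunOnce keys under HKLM or HKU\<sid>
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# netsh firewall / advfirewall rule changes (legacy and current syntax)
FIREWALL_RE = re.compile(
    r"\b(advfirewall|firewall)\b.*\b(add|set|delete|reset)\b", re.IGNORECASE
)
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com")

TMP = "C:\\Users\\victim\\AppData\\Local\\Temp"  # constructed path

# Constructed event stream: a loader drops and runs a second stage, which
# loads a dropped DLL, registers a Run key and opens the firewall; two
# benign events are mixed in to show they are not flagged.
EVENTS = [
    {"EventID": 11, "Image": f"{TMP}\\loader.exe", "TargetFilename": f"{TMP}\\svc.exe"},
    {"EventID": 11, "Image": f"{TMP}\\loader.exe", "TargetFilename": f"{TMP}\\util.dll"},
    {"EventID": 1, "Image": f"{TMP}\\svc.exe", "CommandLine": f'"{TMP}\\svc.exe"',
     "ParentImage": f"{TMP}\\loader.exe"},
    {"EventID": 7, "Image": f"{TMP}\\svc.exe", "ImageLoaded": f"{TMP}\\util.dll"},
    {"EventID": 13, "Image": f"{TMP}\\svc.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
     "Details": f"{TMP}\\svc.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\netsh.exe",
     "CommandLine": f'netsh advfirewall firewall add rule name="svc" dir=in action=allow program="{TMP}\\svc.exe"',
     "ParentImage": f"{TMP}\\svc.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def detect(events):
    """Return (signature, evidence) pairs in the order they are observed."""
    findings = []
    dropped = set()  # executables written during the trace, lower-cased paths
    for e in events:
        eid = e["EventID"]
        if eid == 11:
            path = e["TargetFilename"].lower()
            if path.endswith(EXECUTABLE_EXT):
                dropped.add(path)
        elif eid == 1:
            image = e["Image"].lower()
            cmd = e.get("CommandLine", "")
            if image in dropped:
                findings.append(("Executes dropped EXE", e["Image"]))
            if image.endswith("\\netsh.exe") and FIREWALL_RE.search(cmd):
                findings.append(("Modifies Windows Firewall (T1562.004)", cmd))
        elif eid == 7:
            if e["ImageLoaded"].lower() in dropped:
                findings.append(("Loads dropped DLL", e["ImageLoaded"]))
        elif eid == 13:
            if RUN_KEY_RE.search(e["TargetObject"]):
                findings.append(("Adds Run key to start application (T1547.001)", e["TargetObject"]))
    return findings


if __name__ == "__main__":
    for sig, evidence in detect(EVENTS):
        print(f"{sig}: {evidence}")
```

The Uninstall-key enumeration ("Checks installed software") is left out because Sysmon does not record registry reads; that signature comes from the sandbox's API tracing, so on a live host it needs a registry-read ETW source or the sandbox trace itself. The parent-PID-spoofing signature likewise needs the true creator PID, which Sysmon's event 1 does not report separately from the (spoofed) parent.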

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation