General

  • Target

    ccf98f54415358a498da5f4a49f45260308905d9136395b985c65c7040ceaab5

  • Size

    3MB

  • Sample

    221002-t8hh4afab7

  • MD5

    8d108cf9507a8e81a85062d46c642090

  • SHA1

    fb578386e23a6845e6eeda65cf38d04124e697d6

  • SHA256

    ccf98f54415358a498da5f4a49f45260308905d9136395b985c65c7040ceaab5

  • SHA512

    90ad6e6ce22479f92ad21bf68236d9de60b1e9661da21347a1bf6e1f1efd88363a40adef4318b71e1e0417e974563329a2f6ab037187ed8a4a350cd5ca09420a

Malware Config

Targets

    • Target

      ccf98f54415358a498da5f4a49f45260308905d9136395b985c65c7040ceaab5

    • Size

      3MB

    • MD5

      8d108cf9507a8e81a85062d46c642090

    • SHA1

      fb578386e23a6845e6eeda65cf38d04124e697d6

    • SHA256

      ccf98f54415358a498da5f4a49f45260308905d9136395b985c65c7040ceaab5

    • SHA512

      90ad6e6ce22479f92ad21bf68236d9de60b1e9661da21347a1bf6e1f1efd88363a40adef4318b71e1e0417e974563329a2f6ab037187ed8a4a350cd5ca09420a

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation