General

  • Target

    74d3f6cbbdbcbd6246a781727f62e1aebb690d3a6205c1a930a973ada6a33df1

  • Size

    3MB

  • Sample

    221002-w8q7cahaej

  • MD5

    0eee78a11e659ba6d8b3cfc0d2521025

  • SHA1

    aa8a91745d8583cd0ad724733a11368f51c62319

  • SHA256

    74d3f6cbbdbcbd6246a781727f62e1aebb690d3a6205c1a930a973ada6a33df1

  • SHA512

    12feeaa8fec804480015b0a502b6c294c5713604b0ec038b8287bfba6797288c3e9d26a150b8ca4068d7605751492f2389933696db665512ec928bed23d17a18

Malware Config

Targets

    • Target

      74d3f6cbbdbcbd6246a781727f62e1aebb690d3a6205c1a930a973ada6a33df1

    • Size

      3MB

    • MD5

      0eee78a11e659ba6d8b3cfc0d2521025

    • SHA1

      aa8a91745d8583cd0ad724733a11368f51c62319

    • SHA256

      74d3f6cbbdbcbd6246a781727f62e1aebb690d3a6205c1a930a973ada6a33df1

    • SHA512

      12feeaa8fec804480015b0a502b6c294c5713604b0ec038b8287bfba6797288c3e9d26a150b8ca4068d7605751492f2389933696db665512ec928bed23d17a18

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Windows security bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation