General

  • Target

    78c9b227e89200e46d7961433ca1da21a401464cda1c8ecca24dc3dd3ae15036

  • Size

    3MB

  • Sample

    221003-bnn62abghq

  • MD5

    30ccb5239fb5021546a8630ea1f5d00e

  • SHA1

    151e26627e904e86d4af0c05a09ce1291f5cc959

  • SHA256

    78c9b227e89200e46d7961433ca1da21a401464cda1c8ecca24dc3dd3ae15036

  • SHA512

    d6e1605c5896e30002cb6c1ef19564250cd14e003c8f630e6f31843bffe8c40b05563d14326df1a4a39ab833bbb1729e6c1644fd512801d1d1025d9242706a1e

Malware Config

Targets

    • Target

      78c9b227e89200e46d7961433ca1da21a401464cda1c8ecca24dc3dd3ae15036

    • Size

      3MB

    • MD5

      30ccb5239fb5021546a8630ea1f5d00e

    • SHA1

      151e26627e904e86d4af0c05a09ce1291f5cc959

    • SHA256

      78c9b227e89200e46d7961433ca1da21a401464cda1c8ecca24dc3dd3ae15036

    • SHA512

      d6e1605c5896e30002cb6c1ef19564250cd14e003c8f630e6f31843bffe8c40b05563d14326df1a4a39ab833bbb1729e6c1644fd512801d1d1025d9242706a1e

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Windows security bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation