General

  • Target

    3614d89996c958bbeb4e4d04a0990ba46fe760a8e316ae54416fd609a997dcec

  • Size

    4.0MB

  • Sample

    221003-w2xesaaff5

  • MD5

    1c58b61abeffc1c3f19e76c8e8093c17

  • SHA1

    ce3faebdbea76b62619e959383a99307a1fffd68

  • SHA256

    3614d89996c958bbeb4e4d04a0990ba46fe760a8e316ae54416fd609a997dcec

  • SHA512

    ae204b39d082f0bea0acf8da4b0e6ad000fc0bf17772e248ffa27d2e0a233974102899b058f01fbe7788d33198059bd97c571c1038599db23df099b63ce4eb84

  • SSDEEP

    98304:Es9g/TuWDQNE29WDETS9pssZZMZXj7JeIzn+YcGs3uKc45Z4W:kiOQNEQV2pRZ+sCn+ztuKVV

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Windows security bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with the open-source UPX packer, or with a modified UPX build whose section names or markers have been changed.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
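
The "UPX packed file" signature above is a static check on the PE image. The following is an added example, not the sandbox's own detection code, of the two cheap indicators such a signature typically combines: the UPX0/UPX1/UPX2 section names that stock UPX writes, and sections whose raw bytes have the entropy of compressed data (which survives when a modified UPX renames its sections). The PE image it parses is constructed inline with a hypothetical `build_fake_pe` helper so the script runs offline; the threshold of 7.0 bits/byte is an assumption, not a value from the report.

```python
import math
import struct

# Section names written by stock UPX. A modified UPX may rename them, which is
# why the report's signature also covers "modified UPX" and why an entropy
# check is used as a second heuristic below.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes) -> list:
    """Walk the PE section table. Returns [(name, raw_offset, raw_size), ...]
    or [] if the buffer is not a PE image or the headers are truncated."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    if len(data) < coff + 20:
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # IMAGE_SECTION_HEADER array
    out = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            break                            # truncated table: stop, do not guess
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        out.append((name.rstrip(b"\0"), raw_ptr, raw_size))
    return out


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Static indicators of UPX packing: tell-tale section names plus sections
    whose raw bytes look compressed. Sections with no raw data or with a raw
    range outside the file are skipped rather than read out of bounds."""
    sections = pe_sections(data)
    named = [n for n, _, _ in sections if n in UPX_SECTION_NAMES]
    dense = [n for n, ptr, size in sections
             if size and ptr + size <= len(data)
             and shannon_entropy(data[ptr:ptr + size]) >= entropy_threshold]
    return {"upx_sections": named,
            "high_entropy_sections": dense,
            "likely_upx": bool(named)}


def build_fake_pe(section_names, payload: bytes = b"") -> bytes:
    """Constructed test input (hypothetical helper): a structurally valid but
    non-runnable PE with an empty optional header and the given section names.
    If payload is given it becomes the raw data of the first section."""
    mz = bytearray(0x40)
    mz[:2] = b"MZ"
    struct.pack_into("<I", mz, 0x3C, 0x40)   # e_lfanew points right after the stub
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    data_off = 0x40 + 4 + 20 + 40 * len(section_names)
    headers = b""
    for i, name in enumerate(section_names):
        raw_size = len(payload) if (i == 0 and payload) else 0
        raw_ptr = data_off if raw_size else 0
        headers += struct.pack("<8sIIII", name, raw_size, 0, raw_size, raw_ptr) + b"\0" * 16
    return bytes(mz) + b"PE\0\0" + coff + headers + payload


if __name__ == "__main__":
    # Constructed sample: UPX-style names, first section filled with high-entropy bytes.
    sample = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], payload=bytes(range(256)) * 4)
    print(upx_indicators(sample))
```

Section names alone are a weak signal (any packer or manual edit can set them), so a reviewer should treat the `likely_upx` flag as a prompt to try `upx -d` or to look for the unpacking stub, not as proof of what the report's signature found.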

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic, then technique ID and name, with the count in parentheses as reported.

  • Execution

    T1053 Scheduled Task (1)

  • Persistence

    T1031 Modify Existing Service (1)
    T1060 Registry Run Keys / Startup Folder (1)
    T1053 Scheduled Task (1)

  • Privilege Escalation

    T1053 Scheduled Task (1)

  • Defense Evasion

    T1089 Disabling Security Tools (2)
    T1112 Modify Registry (3)

  • Discovery

    T1012 Query Registry (1)
    T1082 System Information Discovery (1)
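
Most of the matrix above (Run key persistence, disabling security tools, modify registry) is visible as registry value writes. The following is an added example, not part of the sandbox report, of a small rule set that turns such events into the report's signature names and ATT&CK IDs. The event lines are constructed for the example in an invented `event_id|image|target|data` layout; in practice the same fields come from Sysmon Event ID 13 (RegistryEvent, value set). The registry paths are real Windows locations. The technique IDs in the rules are the v6 IDs the report uses; the current-framework equivalents (T1547.001 for T1060, T1562.001 for T1089) are added here from the ATT&CK revision history, not from the report.

```python
import re

# Constructed sample events (invented layout): event_id|process image|target value|data
SAMPLE_EVENTS = "\n".join([
    r"13|C:\Users\user\AppData\Local\Temp\app.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\app|C:\Users\user\AppData\Local\Temp\app.exe",
    r"13|C:\Users\user\AppData\Local\Temp\app.exe|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall|DWORD (0x00000000)",
    r"13|C:\Users\user\AppData\Local\Temp\app.exe|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware|DWORD (0x00000001)",
    r"13|C:\Windows\explorer.exe|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|DWORD (0x00000001)",
])

# (signature name as the report words it, target-path pattern, optional data
#  predicate, ATT&CK v6 ID used by the report, current ATT&CK ID)
RULES = [
    ("Adds Run key to start application",
     re.compile(r"\\CurrentVersion\\Run\\", re.I),
     None, "T1060", "T1547.001"),
    ("Modifies Windows Firewall",
     re.compile(r"\\FirewallPolicy\\.*\\EnableFirewall$", re.I),
     lambda d: d.endswith("(0x00000000)"),   # only flag turning the firewall off
     "T1089", "T1562.001"),
    ("Windows security modification",
     re.compile(r"\\Windows Defender\\Disable\w+$", re.I),
     None, "T1089", "T1562.001"),
]


def parse_event(line: str):
    """Split one constructed event line into fields; None if malformed."""
    parts = line.rstrip("\n").split("|", 3)
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    return {"event_id": int(parts[0]), "image": parts[1],
            "target": parts[2], "data": parts[3]}


def match_rules(event: dict) -> list:
    """Return (signature, v6_id, current_id) for every rule the event satisfies.
    Every hit is also a registry modification (T1112), so callers can count
    that technique from the number of hits."""
    hits = []
    if event["event_id"] != 13:          # value-set events only
        return hits
    for name, pattern, predicate, v6, current in RULES:
        if pattern.search(event["target"]) and (predicate is None or predicate(event["data"])):
            hits.append((name, v6, current))
    return hits


def scan(text: str) -> list:
    """Run the rules over a block of event lines and return findings."""
    findings = []
    for line in text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        for name, v6, current in match_rules(event):
            findings.append({"image": event["image"], "target": event["target"],
                             "signature": name, "attack_v6": v6, "attack_current": current})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f['attack_v6']:>6} ({f['attack_current']}) {f['signature']}: {f['image']}")
```

The firewall rule keys on the written value, not just the path, because legitimate software also touches FirewallPolicy; the explorer.exe line in the sample shows an ordinary registry write that the rules correctly ignore.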
