General

  • Target

    901fb9c358dd2eb67dc9bfda71cb81756cebed0925a45f8063c8d6443e4fa828

  • Size

    3MB

  • Sample

    221130-j5lfgafb4x

  • MD5

    4c9a92c564a506bae2708786cf56a938

  • SHA1

    7665193369eaac822e50406d487944ce39848915

  • SHA256

    901fb9c358dd2eb67dc9bfda71cb81756cebed0925a45f8063c8d6443e4fa828

  • SHA512

    1087bf5e1accf91cfdda8e26eb16277a1509dbec551dd70bbb4e5a4f4b93185af6ed1529d9cc96f10fadbb234027ed0e0d0b33b00dffc401faf3bb0a2a09997c

  • SSDEEP

    98304:XCJJ5+/VzIz6djIHm8C8wtfXfUnI+LQ2AblX:W+NzdN8LwGWtblX

Malware Config

Targets

    • Target

      901fb9c358dd2eb67dc9bfda71cb81756cebed0925a45f8063c8d6443e4fa828

    • Size

      3MB

    • MD5

      4c9a92c564a506bae2708786cf56a938

    • SHA1

      7665193369eaac822e50406d487944ce39848915

    • SHA256

      901fb9c358dd2eb67dc9bfda71cb81756cebed0925a45f8063c8d6443e4fa828

    • SHA512

      1087bf5e1accf91cfdda8e26eb16277a1509dbec551dd70bbb4e5a4f4b93185af6ed1529d9cc96f10fadbb234027ed0e0d0b33b00dffc401faf3bb0a2a09997c

    • SSDEEP

      98304:XCJJ5+/VzIz6djIHm8C8wtfXfUnI+LQ2AblX:W+NzdN8LwGWtblX

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Windows security bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks