General

  • Target

    0e2331875c8fc487912b70383638ff044c20ae3a8961bb647cdd3086fbad1825

  • Size

    4MB

  • Sample

    221130-mjvzkaeh8y

  • MD5

    5363166feb47c24554331cb1d47ffb6d

  • SHA1

    27e91f373e9e55a3d6b1594e9e33bf8618260845

  • SHA256

    0e2331875c8fc487912b70383638ff044c20ae3a8961bb647cdd3086fbad1825

  • SHA512

    57b1c0bbd63a8c37d2b2c39281dc99057453bc3ac82d6e7cec0231b6a57a80290c957ea7d00bfb81310b4a092a9e0d1c167b6f3145c20670ec959376caa4848e

  • SSDEEP

    98304:X6FdWRFN610gFoVywx8Goj8HTZ5YlbRyxFw9x97Qio2:KdWR36ivEQ8ZqTZql9yF6Qa

Malware Config

Targets

    • Target

      0e2331875c8fc487912b70383638ff044c20ae3a8961bb647cdd3086fbad1825

    • Size

      4MB

    • MD5

      5363166feb47c24554331cb1d47ffb6d

    • SHA1

      27e91f373e9e55a3d6b1594e9e33bf8618260845

    • SHA256

      0e2331875c8fc487912b70383638ff044c20ae3a8961bb647cdd3086fbad1825

    • SHA512

      57b1c0bbd63a8c37d2b2c39281dc99057453bc3ac82d6e7cec0231b6a57a80290c957ea7d00bfb81310b4a092a9e0d1c167b6f3145c20670ec959376caa4848e

    • SSDEEP

      98304:X6FdWRFN610gFoVywx8Goj8HTZ5YlbRyxFw9x97Qio2:KdWR36ivEQ8ZqTZql9yF6Qa

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Windows security bypass

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks