General

  • Target

    4f4661c95f28894e1d10ea647930a38b05a47d8a5d601bc4803b912574076ffb

  • Size

    4MB

  • Sample

    230125-m37sgahd71

  • MD5

    d5f38c43c2b69a76a8cf277d55f8c23f

  • SHA1

    2a20856f4ebcfbcd32acc990fa1f8656c93cc609

  • SHA256

    4f4661c95f28894e1d10ea647930a38b05a47d8a5d601bc4803b912574076ffb

  • SHA512

    74bf35d58c79e84b80879c9e0a11ddd80c894bd73a586a18bbd4955fa29a689ce620836af5ffccb915b1acaa379f563552e8153b1b7a9ed5536ff97d2db06fb2

  • SSDEEP

    98304:+QH9DqCOTnfsMTHs/SU0koWPkt/OOGKiXMDp1msQL+QOKVb07V0R:+Kjkf7THwfIxGKCMFkZRq0R

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation

Tasks