General

  • Target

    02c43a6420cfc7f354f3bebd506f1e2b5c3e6786496b7c89e869b221d19914db

  • Size

    4.1MB

  • Sample

    230131-t6dgcsba2y

  • MD5

    339af15ed707e34ad1d48b2317ed349d

  • SHA1

    4018e91e2bef9dc454ff9b5b871bed293fa32fd5

  • SHA256

    02c43a6420cfc7f354f3bebd506f1e2b5c3e6786496b7c89e869b221d19914db

  • SHA512

    5cb7e27969d67bef34fb4597b21748eeac649e31bf3a006ab7c8b0cfd3758a6973644bbe63b60fe99601207a83e19cd44af579024209371585e6ddef19d9e1cb

  • SSDEEP

    98304:Kc0lgzThpRURyzY9KY+mJv0mTjHZari0FPpVBeRxQa:Kc0WpaAzY9KY+K1TjHZ30dpzcT

Malware Config

Targets

    • Target

      02c43a6420cfc7f354f3bebd506f1e2b5c3e6786496b7c89e869b221d19914db

    • Size

      4.1MB

    • MD5

      339af15ed707e34ad1d48b2317ed349d

    • SHA1

      4018e91e2bef9dc454ff9b5b871bed293fa32fd5

    • SHA256

      02c43a6420cfc7f354f3bebd506f1e2b5c3e6786496b7c89e869b221d19914db

    • SHA512

      5cb7e27969d67bef34fb4597b21748eeac649e31bf3a006ab7c8b0cfd3758a6973644bbe63b60fe99601207a83e19cd44af579024209371585e6ddef19d9e1cb

    • SSDEEP

      98304:Kc0lgzThpRURyzY9KY+mJv0mTjHZari0FPpVBeRxQa:Kc0WpaAzY9KY+K1TjHZ30dpzcT

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

Tasks