General

  • Target

    b50586b8be7701d3e87139ae951ea6b86394870b931dbec30379691d5bf20416

  • Size

    4.1MB

  • Sample

    230201-a7hmxsda9v

  • MD5

    216348d1a6bfd229f076c7ff0b33ffab

  • SHA1

    8c97e6a52f31b8da26f5a9708ab6c335ba92391a

  • SHA256

    b50586b8be7701d3e87139ae951ea6b86394870b931dbec30379691d5bf20416

  • SHA512

    c10076f51991a7eb92428d25a44623f14e473928c4bb2ebd8a5659878e29b2534f71071a5f08a4792b78c09f26ed7160390166293bc4b1eac9fcb241948d4299

  • SSDEEP

    98304:rPiG3d5il2l8pCrcfzNlt7+i6I2BiezZYW9Jlak7JC:rPd0l2GpC4plgE43YW9JIF

Malware Config

Targets

    • Target

      b50586b8be7701d3e87139ae951ea6b86394870b931dbec30379691d5bf20416

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Modify Existing Service (1) T1031

    Registry Run Keys / Startup Folder (1) T1060

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

  • Defense Evasion

    Modify Registry (1) T1112

  • Discovery

    Query Registry (1) T1012

  • Command and Control

    Web Service (1) T1102

Tasks