Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

91e6317345adf067b796436efc9bb9f08e1fb9670bf6334c72b561d8c85bb463
Size

4MB
Sample

230201-vdj9wacf81
MD5

fd9b3f344641569527af4f0515f87985
SHA1

4549f73345c1333f8a27a3d146aa0ecd8f5d4a25
SHA256

91e6317345adf067b796436efc9bb9f08e1fb9670bf6334c72b561d8c85bb463
SHA512

fed66b2e9f33a7697ed79ade711c558c3112314c75211f3d1b2b32f4516e87827f58273e1367dbe3f88c5646b2b4fa97ad0c328a792aed13f54f262a7c80e53d
SSDEEP

98304:Cph+CIu6fFZNwqNV2pdlHi/wePQieUey5QY8:CPgRVudxi/xRdh5QX

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  91e6317345adf067b796436efc9bb9f08e1fb9670bf6334c72b561d8c85bb463
- Size
  
  4MB
- MD5
  
  fd9b3f344641569527af4f0515f87985
- SHA1
  
  4549f73345c1333f8a27a3d146aa0ecd8f5d4a25
- SHA256
  
  91e6317345adf067b796436efc9bb9f08e1fb9670bf6334c72b561d8c85bb463
- SHA512
  
  fed66b2e9f33a7697ed79ade711c558c3112314c75211f3d1b2b32f4516e87827f58273e1367dbe3f88c5646b2b4fa97ad0c328a792aed13f54f262a7c80e53d
- SSDEEP
  
  98304:Cph+CIu6fFZNwqNV2pdlHi/wePQieUey5QY8:CPgRVudxi/xRdh5QX
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Query Registry

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence