Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

c30e9e8a5d0b94662f5df255361a5591757d21d47f5e333d5f8d5f09adf0d9df
Size

4MB
Sample

230201-vev3rscf9y
MD5

018624a1898d8033d163c1ceb92b6cd6
SHA1

8ac12101a412ae9f91ddd4bbb7e83d5d597e5af7
SHA256

c30e9e8a5d0b94662f5df255361a5591757d21d47f5e333d5f8d5f09adf0d9df
SHA512

cc9e9a6071631c046e2272d24ad8c5aacc797964e3bcd3f9285326069157c65bb3d98a35cfdc2aa2f2b9800129fadb9be0971ce7c64b52708d088717323e4a57
SSDEEP

98304:Cph+CIu6fFZNwqNV2pdlHi/wePQieUey5QYW:CPgRVudxi/xRdh5Q1

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  c30e9e8a5d0b94662f5df255361a5591757d21d47f5e333d5f8d5f09adf0d9df
- Size
  
  4MB
- MD5
  
  018624a1898d8033d163c1ceb92b6cd6
- SHA1
  
  8ac12101a412ae9f91ddd4bbb7e83d5d597e5af7
- SHA256
  
  c30e9e8a5d0b94662f5df255361a5591757d21d47f5e333d5f8d5f09adf0d9df
- SHA512
  
  cc9e9a6071631c046e2272d24ad8c5aacc797964e3bcd3f9285326069157c65bb3d98a35cfdc2aa2f2b9800129fadb9be0971ce7c64b52708d088717323e4a57
- SSDEEP
  
  98304:Cph+CIu6fFZNwqNV2pdlHi/wePQieUey5QYW:CPgRVudxi/xRdh5Q1
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Query Registry

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence