General
Target: 00d96622c23135b6ec15736d04e7a419209db463c0f9115a4597525d546821a3
Size: 4MB
Sample: 230201-zq4w9sea7v
MD5: 79484436d73aec5b152e6fb86f84b725
SHA1: b92f474f15647d22b5a39cde5f830a38e881c6a2
SHA256: 00d96622c23135b6ec15736d04e7a419209db463c0f9115a4597525d546821a3
SHA512: 049e2cc8a5e2c3e6b22035cf35b524eaa7862141011b1a3ae0f818b8a52f58e6dabdaeb431b62116239d32d51e2915abcfe65d479fd7f7b210fce0c431da943c
SSDEEP: 98304:tLKvZMtw66uUIzMQ5HHHNvZG+1RKlGdq2UNT2uF5gA:t+6cJIzMQ5HHHJX7dqn6uF5gA
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.