Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

b09bbeb6b29868ba53b7f88c2d3c15bae0fa1a73e09d1b71bb71a02a56773515
Size

4MB
Sample

230202-a9xvmafg4t
MD5

0f6b430de1176275cb7084fc5e5a0454
SHA1

6872dc2bf03e2c6b75d395836c59c7bc7ca839dd
SHA256

b09bbeb6b29868ba53b7f88c2d3c15bae0fa1a73e09d1b71bb71a02a56773515
SHA512

7b3bd05add20b49831585da2fb17ee172a0e88e03583ab9ec6d1053d5daa7f0b01d812459e6b6d4d0c498accf56a869a437a21aa86f9d1e4f831b6c6d7880105
SSDEEP

98304:ifP6JKXgGxPRAyMQc4SUMpUUUoMXvhLnTdH3Y:ifP6cXlStQRuY53G

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Malware Config

Targets

- Target
  
  b09bbeb6b29868ba53b7f88c2d3c15bae0fa1a73e09d1b71bb71a02a56773515
- Size
  
  4MB
- MD5
  
  0f6b430de1176275cb7084fc5e5a0454
- SHA1
  
  6872dc2bf03e2c6b75d395836c59c7bc7ca839dd
- SHA256
  
  b09bbeb6b29868ba53b7f88c2d3c15bae0fa1a73e09d1b71bb71a02a56773515
- SHA512
  
  7b3bd05add20b49831585da2fb17ee172a0e88e03583ab9ec6d1053d5daa7f0b01d812459e6b6d4d0c498accf56a869a437a21aa86f9d1e4f831b6c6d7880105
- SSDEEP
  
  98304:ifP6JKXgGxPRAyMQc4SUMpUUUoMXvhLnTdH3Y:ifP6cXlStQRuY53G
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan