Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

e968a76266922eec63735ab3a4c39431599f85dec879ca60c0b14ec30a6fbf89
Size

4MB
Sample

230202-gjkwpsha8t
MD5

54191be6326918905db45343b776ef15
SHA1

3e9390f6c315fc2132f1eb009aca45f0d1121024
SHA256

e968a76266922eec63735ab3a4c39431599f85dec879ca60c0b14ec30a6fbf89
SHA512

f4f33d389f4e540058638b7f7cad604b821079991193cdd51d40b9226b9365bac99e3c2e67ff94f0adbe3efa3d41f1936ca5414e38085bea87c4357be9156a29
SSDEEP

98304:c2WiC63QUVoC4dkRabWXp2H2LBS/2MnpALy94Gulrqb7K:cX44WabWZ2H2QvnpALym8K

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  e968a76266922eec63735ab3a4c39431599f85dec879ca60c0b14ec30a6fbf89
- Size
  
  4MB
- MD5
  
  54191be6326918905db45343b776ef15
- SHA1
  
  3e9390f6c315fc2132f1eb009aca45f0d1121024
- SHA256
  
  e968a76266922eec63735ab3a4c39431599f85dec879ca60c0b14ec30a6fbf89
- SHA512
  
  f4f33d389f4e540058638b7f7cad604b821079991193cdd51d40b9226b9365bac99e3c2e67ff94f0adbe3efa3d41f1936ca5414e38085bea87c4357be9156a29
- SSDEEP
  
  98304:c2WiC63QUVoC4dkRabWXp2H2LBS/2MnpALy94Gulrqb7K:cX44WabWZ2H2QvnpALym8K
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Query Registry

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence