Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

d396b9a6637ed58523d6176d1c40ffc745413371a81116de01ba381745790ad2
Size

4MB
Sample

230202-m4gyfahg8w
MD5

c2c4ba5e35797eb4fa8896f8e6e65101
SHA1

4fef2519ba9fbf91805dd470811dd26401e9fae0
SHA256

d396b9a6637ed58523d6176d1c40ffc745413371a81116de01ba381745790ad2
SHA512

74d7425a126302bbcad3ef3b3f70fbb802c49c9dbf3efd1348c3831499007ae55a5d8320f164ee5a53c944bcda6f1555c161955ecbcf8ea1071b2e6d567ca10f
SSDEEP

98304:OfNdT4ptf8b8DKUjc9bf3SL+7Qi3DT9b4/NVYjchdECzEhSBZJqb7o:OldT4ptf296OiL+v+/NHhdrzBZio

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  d396b9a6637ed58523d6176d1c40ffc745413371a81116de01ba381745790ad2
- Size
  
  4MB
- MD5
  
  c2c4ba5e35797eb4fa8896f8e6e65101
- SHA1
  
  4fef2519ba9fbf91805dd470811dd26401e9fae0
- SHA256
  
  d396b9a6637ed58523d6176d1c40ffc745413371a81116de01ba381745790ad2
- SHA512
  
  74d7425a126302bbcad3ef3b3f70fbb802c49c9dbf3efd1348c3831499007ae55a5d8320f164ee5a53c944bcda6f1555c161955ecbcf8ea1071b2e6d567ca10f
- SSDEEP
  
  98304:OfNdT4ptf8b8DKUjc9bf3SL+7Qi3DT9b4/NVYjchdECzEhSBZJqb7o:OldT4ptf296OiL+v+/NHhdrzBZio
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Query Registry

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence