General
-
Target
c431388dc124d48af483b1022b251c32c89dd97afe9921481c181ba5a74dc2d1
-
Size
4MB
-
Sample
230202-ncd8xafh36
-
MD5
bbdfdc950ea82f62c63aac37260ae934
-
SHA1
383146ad79477f1f61053c7658194860df031c4e
-
SHA256
c431388dc124d48af483b1022b251c32c89dd97afe9921481c181ba5a74dc2d1
-
SHA512
fbc5d83059d91e22f54cf290d9b50a88ad00cff4f21ab60d4e925815a0fce610adf4932f85000284cc9eda12f039a2f475685ca87a383c7781db6f68fefd6848
-
SSDEEP
98304:v6s7eYqXEy+L60B3c2olZONxtlg6KFySws2pMtBO8onbqb7s:vf7cXEjfsxlZOBlg6KFT52piQNnMs
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.