Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

21f7d20c031cdec75b7b012916ba1d2770a3bef1afeb8298a1adc7f1c665de21
Size

3MB
Sample

230202-q9myesdh4y
MD5

f38956912d839d9ba354cbe3c65a985e
SHA1

279a5260840526051dbecf578d790aab8b669d6e
SHA256

21f7d20c031cdec75b7b012916ba1d2770a3bef1afeb8298a1adc7f1c665de21
SHA512

3532769c284287e2cffb7e97f7a69b802f0381fdd2875df9d455f1f6b1801f17e395d29f67e85862478f6ad253c5db19dff0a823c8a52a7ba7faadc144fe9c5b
SSDEEP

98304:/ReGuQ8kHOnYvSKhKNLwCErpijireyuBRmsazq:/0GemSkKNLFnj2wBcu

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  21f7d20c031cdec75b7b012916ba1d2770a3bef1afeb8298a1adc7f1c665de21
- Size
  
  3MB
- MD5
  
  f38956912d839d9ba354cbe3c65a985e
- SHA1
  
  279a5260840526051dbecf578d790aab8b669d6e
- SHA256
  
  21f7d20c031cdec75b7b012916ba1d2770a3bef1afeb8298a1adc7f1c665de21
- SHA512
  
  3532769c284287e2cffb7e97f7a69b802f0381fdd2875df9d455f1f6b1801f17e395d29f67e85862478f6ad253c5db19dff0a823c8a52a7ba7faadc144fe9c5b
- SSDEEP
  
  98304:/ReGuQ8kHOnYvSKhKNLwCErpijireyuBRmsazq:/0GemSkKNLFnj2wBcu
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Query Registry

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence