General
-
Target
54c77bdb1fcae4712dabdfb63d9caf1facd30247395152dd0671b5341d2d9475
-
Size
3MB
-
Sample
230202-t54l6aba22
-
MD5
e970aa6a5684f796e1b505590a34e63b
-
SHA1
cb628cc446a7667200c876a939590b63cfa07ff3
-
SHA256
54c77bdb1fcae4712dabdfb63d9caf1facd30247395152dd0671b5341d2d9475
-
SHA512
e640663e15564b0286a8cbb7b6959a657fa3a0f169d8f35fb7b59100ba0ea89ad9914b968dcfbc30a49372b1c828aa6beb24a654e4276e5099ecad790324be91
-
SSDEEP
98304:TorSjpqCjRWs+aS/uZR88eK2ShU0NCUFSNTEaxJepw5ZV/iBQ1O:TfjphtWs+aS/udeLShU0VYTqqxiD
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation