Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

512b845b1bd43ff794453607f42fb7c2c95580fb45f1f9e4fab1da689f35a914
Size

3MB
Sample

230202-vj7blaef21
MD5

9eb42dc40f9b11a721452d517768139d
SHA1

b0661a12a12f3a3f32023a5b897717f9754acd16
SHA256

512b845b1bd43ff794453607f42fb7c2c95580fb45f1f9e4fab1da689f35a914
SHA512

c92e9d6a4013b1076cc79348a7b7d5b45424b647a64ff7d5e1f69ca212a34047773bfa9506420ba9c11d1a574cdb9b5be3e98df40d9704f599997b19357e677f
SSDEEP

98304:Im7WTQTvr/ZyEza7Zl5dQUmp6wPih2/o2Qr:IQvLjZrzuZl5c6wPiw/Rg

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Malware Config

Targets

- Target
  
  512b845b1bd43ff794453607f42fb7c2c95580fb45f1f9e4fab1da689f35a914
- Size
  
  3MB
- MD5
  
  9eb42dc40f9b11a721452d517768139d
- SHA1
  
  b0661a12a12f3a3f32023a5b897717f9754acd16
- SHA256
  
  512b845b1bd43ff794453607f42fb7c2c95580fb45f1f9e4fab1da689f35a914
- SHA512
  
  c92e9d6a4013b1076cc79348a7b7d5b45424b647a64ff7d5e1f69ca212a34047773bfa9506420ba9c11d1a574cdb9b5be3e98df40d9704f599997b19357e677f
- SSDEEP
  
  98304:Im7WTQTvr/ZyEza7Zl5dQUmp6wPih2/o2Qr:IQvLjZrzuZl5c6wPiw/Rg
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan