General

  • Target

    f96c19c8c934e6cc6645304078f7b2c24969832918e31999fcf75e8447f487a5

  • Size

    4MB

  • Sample

    230202-vw421agd5w

  • MD5

    ec7335e1150a4b91c655db53b3cc7260

  • SHA1

    911f163da90a2e25660ca38e9492907f20406126

  • SHA256

    f96c19c8c934e6cc6645304078f7b2c24969832918e31999fcf75e8447f487a5

  • SHA512

    4261cc1724d867bb8efd95265d24638d2fb32a2d6a1c22e2b49b89a1df2ceadee2a59e92350b8ff4e2a3dda7d435784344999e5fa367126a60884760b7b28e92

  • SSDEEP

    98304:5foflnI/gx3QUZTRzDrqIeKSsp++PY4DaUKLjWhfSsGwjxyZqb7x:NYlnGSQUZ3epsppPYLr/KffXjxXx

Malware Config

Targets

    • Target

      f96c19c8c934e6cc6645304078f7b2c24969832918e31999fcf75e8447f487a5

    • Size

      4MB

    • MD5

      ec7335e1150a4b91c655db53b3cc7260

    • SHA1

      911f163da90a2e25660ca38e9492907f20406126

    • SHA256

      f96c19c8c934e6cc6645304078f7b2c24969832918e31999fcf75e8447f487a5

    • SHA512

      4261cc1724d867bb8efd95265d24638d2fb32a2d6a1c22e2b49b89a1df2ceadee2a59e92350b8ff4e2a3dda7d435784344999e5fa367126a60884760b7b28e92

    • SSDEEP

      98304:5foflnI/gx3QUZTRzDrqIeKSsp++PY4DaUKLjWhfSsGwjxyZqb7x:NYlnGSQUZ3epsppPYLr/KffXjxXx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                            Count  ID
  Execution              Scheduled Task                       1      T1053
  Persistence            Modify Existing Service              1      T1031
  Persistence            Registry Run Keys / Startup Folder   1      T1060
  Persistence            Scheduled Task                       1      T1053
  Privilege Escalation   Scheduled Task                       1      T1053
  Defense Evasion        Modify Registry                      1      T1112
  Discovery              Query Registry                       1      T1012

  Count is the number of signatures mapped to that technique under that tactic; Scheduled Task (T1053) is listed once under each of the three tactics it covers. The IDs follow ATT&CK v6 and several were later renumbered as sub-techniques (for example, Registry Run Keys / Startup Folder T1060 is T1547.001 in current ATT&CK).
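The behaviour signatures and the ATT&CK mapping above are what a sandbox derives from the sample's runtime trace. As an added example that is not part of this report and does not reproduce the sandbox's own signature logic, the Python below applies rules of the same kind (Run-key write, Uninstall-key enumeration, firewall change via netsh, and a dropped file that is later launched) to a Procmon CSV export. The trace rows, file paths, PIDs and rule patterns are constructed for illustration; the Procmon operation names used (CreateFile, Process Create, RegSetValue, RegEnumKey) are real, but the matching thresholds are assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed Procmon-style CSV export (not from the report). Column names follow
# Procmon's default export; every path, PID and timestamp here is invented.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","4120","CreateFile","C:\Users\u\AppData\Local\Temp\csrss.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf"
"10:01:03.2","sample.exe","4120","Process Create","C:\Users\u\AppData\Local\Temp\csrss.exe","SUCCESS","PID: 5208, Command line: C:\Users\u\AppData\Local\Temp\csrss.exe"
"10:01:04.0","csrss.exe","5208","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\csrss","SUCCESS","Type: REG_SZ, Length: 90, Data: C:\Users\u\AppData\Local\Temp\csrss.exe"
"10:01:04.5","csrss.exe","5208","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"10:01:05.0","csrss.exe","5208","Process Create","C:\Windows\System32\netsh.exe","SUCCESS","PID: 5300, Command line: netsh advfirewall firewall add rule name=""csrss"" dir=in action=allow program=""C:\Users\u\AppData\Local\Temp\csrss.exe"""
"10:01:06.0","explorer.exe","1234","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Data: 1"
'''

# Stateless rules: (signature name, ATT&CK v6 id from the report or None,
# Procmon operations to consider, path pattern, optional detail pattern).
# The patterns are assumptions written for this example.
RULES = [
    {
        "name": "Adds Run key to start application",
        "attack": "T1060",
        "ops": {"RegSetValue", "RegCreateKey"},
        "path": re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I),
    },
    {
        "name": "Checks installed software on the system",
        "attack": "T1012",
        "ops": {"RegEnumKey", "RegOpenKey", "RegQueryValue"},
        "path": re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I),
    },
    {
        # The report lists no technique id for this signature, so none is assigned.
        "name": "Modifies Windows Firewall",
        "attack": None,
        "ops": {"Process Create"},
        "path": re.compile(r"\\netsh\.exe$", re.I),
        "detail": re.compile(r"advfirewall|firewall\s+(add|set|delete)", re.I),
    },
]


def scan_procmon_csv(text):
    """Return a list of (signature, attack_id, pid, path) hits, in trace order."""
    hits = []
    written_files = set()  # lower-cased paths some process opened for writing
    for row in csv.DictReader(io.StringIO(text)):
        op, path, detail = row["Operation"], row["Path"], row.get("Detail", "")

        # Stateful rule: a file written earlier in the trace is later started
        # as a process. Generic Write in the open is the (assumed) drop marker.
        if op == "CreateFile" and "Generic Write" in detail:
            written_files.add(path.lower())
        elif op == "Process Create" and path.lower() in written_files:
            hits.append(("Executes dropped EXE", None, row["PID"], path))

        for rule in RULES:
            if op not in rule["ops"] or not rule["path"].search(path):
                continue
            if "detail" in rule and not rule["detail"].search(detail):
                continue
            hits.append((rule["name"], rule["attack"], row["PID"], path))
    return hits


def attack_summary(hits):
    """Count hits per ATT&CK id, the way the matrix above counts signatures."""
    counts = defaultdict(int)
    for _, attack_id, _, _ in hits:
        if attack_id:
            counts[attack_id] += 1
    return dict(counts)


if __name__ == "__main__":
    found = scan_procmon_csv(SAMPLE_PROCMON_CSV)
    for sig, attack_id, pid, path in found:
        print(f"{sig:<42} {attack_id or '-':<6} pid={pid} {path}")
    print(attack_summary(found))
```

The benign explorer.exe row is included so the Uninstall rule can be seen not to fire on an unrelated registry read; in a real trace the Uninstall key is also read by legitimate installers, so a hit on that rule alone is low-signal and is worth reporting only alongside persistence or drop-and-execute behaviour as in the report.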
