General

  • Target

    cd191920ad8844e36d6935487d43d8a3e3d129323bef2e8c984a647cbe07c264

  • Size

    4.2MB

  • Sample

    230202-wjtaeabh6w

  • MD5

    9729aed0deeae79b340f1cc6a96561a5

  • SHA1

    169b0538ec432848e75def0c6a75d863a3786a2b

  • SHA256

    cd191920ad8844e36d6935487d43d8a3e3d129323bef2e8c984a647cbe07c264

  • SHA512

    e9fe2d5903405464d59598424b01a85117d253ce211756330f0717180112760cddb2d637440d13b3891b2b41291e48eaeb173c557feabdc24d1dbe620ced7273

  • SSDEEP

    98304:RC/oay0UtjjvmEYbQqX7o9EAxis5NYNYAOkLXq8AHA6OGY1L5mLVKqb7S:43y0CjTmEYbQqXoZUYlZcYHAn5cV5S

Malware Config

Targets

    • Target

      cd191920ad8844e36d6935487d43d8a3e3d129323bef2e8c984a647cbe07c264

    • Size

      4.2MB

    • MD5

      9729aed0deeae79b340f1cc6a96561a5

    • SHA1

      169b0538ec432848e75def0c6a75d863a3786a2b

    • SHA256

      cd191920ad8844e36d6935487d43d8a3e3d129323bef2e8c984a647cbe07c264

    • SHA512

      e9fe2d5903405464d59598424b01a85117d253ce211756330f0717180112760cddb2d637440d13b3891b2b41291e48eaeb173c557feabdc24d1dbe620ced7273

    • SSDEEP

      98304:RC/oay0UtjjvmEYbQqX7o9EAxis5NYNYAOkLXq8AHA6OGY1L5mLVKqb7S:43y0CjTmEYbQqXoZUYlZcYHAn5cV5S

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

Tasks