Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

cd191920ad8844e36d6935487d43d8a3e3d129323bef2e8c984a647cbe07c264
Size

4MB
Sample

230202-wjtaeabh6w
MD5

9729aed0deeae79b340f1cc6a96561a5
SHA1

169b0538ec432848e75def0c6a75d863a3786a2b
SHA256

cd191920ad8844e36d6935487d43d8a3e3d129323bef2e8c984a647cbe07c264
SHA512

e9fe2d5903405464d59598424b01a85117d253ce211756330f0717180112760cddb2d637440d13b3891b2b41291e48eaeb173c557feabdc24d1dbe620ced7273
SSDEEP

98304:RC/oay0UtjjvmEYbQqX7o9EAxis5NYNYAOkLXq8AHA6OGY1L5mLVKqb7S:43y0CjTmEYbQqXoZUYlZcYHAn5cV5S

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  cd191920ad8844e36d6935487d43d8a3e3d129323bef2e8c984a647cbe07c264
- Size
  
  4MB
- MD5
  
  9729aed0deeae79b340f1cc6a96561a5
- SHA1
  
  169b0538ec432848e75def0c6a75d863a3786a2b
- SHA256
  
  cd191920ad8844e36d6935487d43d8a3e3d129323bef2e8c984a647cbe07c264
- SHA512
  
  e9fe2d5903405464d59598424b01a85117d253ce211756330f0717180112760cddb2d637440d13b3891b2b41291e48eaeb173c557feabdc24d1dbe620ced7273
- SSDEEP
  
  98304:RC/oay0UtjjvmEYbQqX7o9EAxis5NYNYAOkLXq8AHA6OGY1L5mLVKqb7S:43y0CjTmEYbQqXoZUYlZcYHAn5cV5S
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Query Registry

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence