Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

f691229e74993af3004f7c6cb19a7251b20c2b594b626feeff5ee38ee26b64cd
Size

4MB
Sample

230202-zhk47aag2w
MD5

de9be0a5ce8940d9300a8f487a823f03
SHA1

0b3ea5a7ecbf2c6b7942a2f2bf51f2aaf2676653
SHA256

f691229e74993af3004f7c6cb19a7251b20c2b594b626feeff5ee38ee26b64cd
SHA512

168abacd222c3df5adaa080d50e1c7c5b64ed54721ece2cc4670b5af8703df4021546df7e3d782f518bb3aacc2652e9bd8c350a2773f5b961b17794a99f78afb
SSDEEP

98304:6telLDUkO9sPk0KAhDY6LKk1S/Ej2gjwm5RFle7:++/UkRPTXLK4Rj2gkm5I7

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  f691229e74993af3004f7c6cb19a7251b20c2b594b626feeff5ee38ee26b64cd
- Size
  
  4MB
- MD5
  
  de9be0a5ce8940d9300a8f487a823f03
- SHA1
  
  0b3ea5a7ecbf2c6b7942a2f2bf51f2aaf2676653
- SHA256
  
  f691229e74993af3004f7c6cb19a7251b20c2b594b626feeff5ee38ee26b64cd
- SHA512
  
  168abacd222c3df5adaa080d50e1c7c5b64ed54721ece2cc4670b5af8703df4021546df7e3d782f518bb3aacc2652e9bd8c350a2773f5b961b17794a99f78afb
- SSDEEP
  
  98304:6telLDUkO9sPk0KAhDY6LKk1S/Ej2gjwm5RFle7:++/UkRPTXLK4Rj2gkm5I7
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence