General
Target: 6e7d14091a04717d4e79f5d220f21349c30817a2bed9661e7b8d2ec7b8eb141f
Size: 4MB
Sample: 230202-zhkhnaag2v
MD5: d744d69f4252bd8ffeb21451981b9111
SHA1: ced8439cc2f6082df88d12d841bc6a934f76ab10
SHA256: 6e7d14091a04717d4e79f5d220f21349c30817a2bed9661e7b8d2ec7b8eb141f
SHA512: 0fca375352d75872b4109683b899201e7e1b96599dc08e85a10e635deeb29c710112f6e6e7e0f032bb278a34a04a7b118f1504e761c367000190b2ab0c782e1d
SSDEEP: 98304:6telLDUkO9sPk0KAhDY6LKk1S/Ej2gjwm5RFlex:++/UkRPTXLK4Rj2gkm5Ix
Static task: static1

Malware Config
Targets
Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation