General

  • Target

    a25b9b66ef7916b32260ec964ef317f302de24b498290cef3399e1c38da792ad

  • Size

    4.0MB

  • Sample

    230203-a7g2dshd64

  • MD5

    ca49b8da21d25386180738d26a7d12e1

  • SHA1

    af00c5c02a8857442c93d9786c89b0847fc83f62

  • SHA256

    a25b9b66ef7916b32260ec964ef317f302de24b498290cef3399e1c38da792ad

  • SHA512

    a11bf9a58c45c4f8a52c3c7a3da555a5a0b217e878193c4fbda977515bd007f43b5fde341779189979df8c0696a8d5a83dabc7a32dcea9986b8d5c8d6fa96b84

  • SSDEEP

    98304:5AEP08IlO5HIyHblLw4/BP/sCf9zhVR3d5BVBo9QdBKJUYF86xED:5c8EO5HIy79V/dFWJi

Malware Config

Targets

    • Target

      a25b9b66ef7916b32260ec964ef317f302de24b498290cef3399e1c38da792ad

    • Size

      4.0MB

    • MD5

      ca49b8da21d25386180738d26a7d12e1

    • SHA1

      af00c5c02a8857442c93d9786c89b0847fc83f62

    • SHA256

      a25b9b66ef7916b32260ec964ef317f302de24b498290cef3399e1c38da792ad

    • SHA512

      a11bf9a58c45c4f8a52c3c7a3da555a5a0b217e878193c4fbda977515bd007f43b5fde341779189979df8c0696a8d5a83dabc7a32dcea9986b8d5c8d6fa96b84

    • SSDEEP

      98304:5AEP08IlO5HIyHblLw4/BP/sCf9zhVR3d5BVBo9QdBKJUYF86xED:5c8EO5HIy79V/dFWJi

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Discovery

Query Registry

1
T1012

Command and Control

Web Service

1
T1102

Tasks