General

  • Target

    da30bd435cf3667e65339532ea7752af3868b1dff163fe4a8e40998670fa56b0

  • Size

    4.2MB

  • Sample

    230607-ape43sgg2s

  • MD5

    0d5b6c0bc9cc1399de66b2c241459307

  • SHA1

    14e59f873a9d48a4facccd0bf9fb4f6658be95f0

  • SHA256

    da30bd435cf3667e65339532ea7752af3868b1dff163fe4a8e40998670fa56b0

  • SHA512

    a6713deaea1e3bb3e0b5157180d5be154c15238f87b3d2da65b8d9d6a7d6a32cd728dfd9f4b2d52b443a8d97c5c610ba9ea3842b49880faffa8255d1d0b70a2d

  • SSDEEP

    98304:KRpqgcnrakfp/v5EYMUDaH8BuphD4LYzqMjBd5Nmn8GbQKYrL:Ep3kfp/v59PD/kaM+MjL3ZGETL

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

    • Persistence

      Modify Existing Service, T1031 (1)

    • Discovery

      System Information Discovery, T1082 (1)