General

  • Target

    7ac697e5a2425db1cfec58a20135359c944bab70e9bf5a7eebf4c7ec4cdde5e6

  • Size

    4.2MB

  • Sample

    230608-pv8e5sga9t

  • MD5

    a7830e9384ace175c997e0c2e16554e3

  • SHA1

    1887589d8318d70d79e5287b71b79d6fc265c296

  • SHA256

    7ac697e5a2425db1cfec58a20135359c944bab70e9bf5a7eebf4c7ec4cdde5e6

  • SHA512

    07f7594796eaccae95a45daf4bd277d7ef9ab770d0a157dc8c29e98d6094906ecd8b11408be0491060320c4d0cb987135d1dbc721d5d95c8209393fe9b834d18

  • SSDEEP

    98304:14Oukmwozu5N1sjvc6C5HzAFpDV4v2Gff887WFFSEVpe1l6UqT5uNC:Mxw0u5Xsj06C5HzAFtV4vjftWfSDTd47

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (1 signature): T1053

  • Persistence

    Modify Existing Service (1 signature): T1031

    Registry Run Keys / Startup Folder (1 signature): T1060

    Scheduled Task (1 signature): T1053

  • Privilege Escalation

    Scheduled Task (1 signature): T1053

  • Defense Evasion

    Modify Registry (1 signature): T1112

  • Discovery

    System Information Discovery (1 signature): T1082
Tasks