General
-
Target
80f770c1f11103bbea543dcff9ceb97f253db7840de874975e1fbf3e5ccfe0a8
-
Size
6.8MB
-
Sample
220724-x6rwjadgfj
-
MD5
3318aa683a5af77980f89bab753eeba2
-
SHA1
9a80ea6a2d4d08177a7f7c294e066505dbaef8cd
-
SHA256
80f770c1f11103bbea543dcff9ceb97f253db7840de874975e1fbf3e5ccfe0a8
-
SHA512
2366021bc9602ecfe715a7938bd34b4254265430896848a092742791dd8e8694cadf564f6c0d165641d34af4e6feee53ae20782f7e597ebbf025349c74df44e0
Malware Config
Targets
-
-
Target
80f770c1f11103bbea543dcff9ceb97f253db7840de874975e1fbf3e5ccfe0a8
-
Size
6.8MB
-
MD5
3318aa683a5af77980f89bab753eeba2
-
SHA1
9a80ea6a2d4d08177a7f7c294e066505dbaef8cd
-
SHA256
80f770c1f11103bbea543dcff9ceb97f253db7840de874975e1fbf3e5ccfe0a8
-
SHA512
2366021bc9602ecfe715a7938bd34b4254265430896848a092742791dd8e8694cadf564f6c0d165641d34af4e6feee53ae20782f7e597ebbf025349c74df44e0
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Windows security bypass
-
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Drops file in System32 directory
-