General
-
Target
5ecaebe3d9630c06cf230f0178617130588c3392a0348642a4f756753226f78b
-
Size
4.1MB
-
Sample
220829-yf3qsafcc9
-
MD5
a9b65d759727afa5714cbc082dfc32c0
-
SHA1
131315ce0a9aa5e998e54eb370e2ea2b2ce07e3a
-
SHA256
5ecaebe3d9630c06cf230f0178617130588c3392a0348642a4f756753226f78b
-
SHA512
2f926410e0eaba0796669b81491537fc2a6edd4f52e39ebab75bac19c194e623a83889be8d3821ce097434703af117e539985c68a15465a7c4012bd082f63617
-
SSDEEP
98304:D2f1Lb6GpfYy7oA1ttIIVQ+FfTRZSE2qZ4KWFw4EZg1:8FbHfYz2QwTRZp2MsLEZI
Malware Config
Targets
-
-
Target
5ecaebe3d9630c06cf230f0178617130588c3392a0348642a4f756753226f78b
-
Size
4.1MB
-
MD5
a9b65d759727afa5714cbc082dfc32c0
-
SHA1
131315ce0a9aa5e998e54eb370e2ea2b2ce07e3a
-
SHA256
5ecaebe3d9630c06cf230f0178617130588c3392a0348642a4f756753226f78b
-
SHA512
2f926410e0eaba0796669b81491537fc2a6edd4f52e39ebab75bac19c194e623a83889be8d3821ce097434703af117e539985c68a15465a7c4012bd082f63617
-
SSDEEP
98304:D2f1Lb6GpfYy7oA1ttIIVQ+FfTRZSE2qZ4KWFw4EZg1:8FbHfYz2QwTRZp2MsLEZI
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Windows security bypass
-
Executes dropped EXE
-
Modifies Windows Firewall
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-