General
-
Target
e7fddfde7bf869671640eb927167bd8835c25a2f5e512aeebe685065b1815d5b
-
Size
4.0MB
-
Sample
221123-hzqmkaab5x
-
MD5
fd0319efbbcddf4ce10be7ffaf5dc5c9
-
SHA1
942c57840bfa274c1cf0e5c85e18b14e07a7a1a5
-
SHA256
e7fddfde7bf869671640eb927167bd8835c25a2f5e512aeebe685065b1815d5b
-
SHA512
3bdc34a0e74eb1ec2f12aad79de202f8a065162bf9e91759bed884a750d088acaa0f3a45ed0f4ea98fe6f69bb098b93a57860de60d3120de94eff9090f44fe92
-
SSDEEP
49152:krcFzL+mdliQAPs47oLkkU9uTV1cEop+RjIB9t1ZiDkLiY2MdRJkCsMcMSeZYgx7:qiL+mzAj92V1FVYLZEidjiMRfKgxj2y
Malware Config
Targets
-
-
Target
e7fddfde7bf869671640eb927167bd8835c25a2f5e512aeebe685065b1815d5b
-
Size
4.0MB
-
MD5
fd0319efbbcddf4ce10be7ffaf5dc5c9
-
SHA1
942c57840bfa274c1cf0e5c85e18b14e07a7a1a5
-
SHA256
e7fddfde7bf869671640eb927167bd8835c25a2f5e512aeebe685065b1815d5b
-
SHA512
3bdc34a0e74eb1ec2f12aad79de202f8a065162bf9e91759bed884a750d088acaa0f3a45ed0f4ea98fe6f69bb098b93a57860de60d3120de94eff9090f44fe92
-
SSDEEP
49152:krcFzL+mdliQAPs47oLkkU9uTV1cEop+RjIB9t1ZiDkLiY2MdRJkCsMcMSeZYgx7:qiL+mzAj92V1FVYLZEidjiMRfKgxj2y
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-