General
Target: 662a32e50876b6e322914cc7a0f849cc7ebb4fcd1cc669dde4aa487774ff4af8
Size: 4.0MB
Sample: 221124-acgr5shc8x
MD5: d2b8a9c3d6fe4faf6ef3877b437078a1
SHA1: b4bc3e088889218dfa1bbdb23cabb9239542515c
SHA256: 662a32e50876b6e322914cc7a0f849cc7ebb4fcd1cc669dde4aa487774ff4af8
SHA512: bac6a0f1c26bd39b1cd5c8093dc1d5dba403b2a09239a45f79236a774faa36a66c1ba9fca5c0b965e5f562b12dabfac9c1a363ba45fea5b2643aabb2c3703ce4
SSDEEP: 98304:d4H6MakeJ1W4DrEvzZecVYmjEtkZbbCeeLpuK:d4afSeZ8ceCd7
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.