General
-
Target
de4a0486d3e7a72ed3ffc6675e3ca91dd0db80e84845ccec460ee0f3a3d7096d
-
Size
4.0MB
-
Sample
221126-slryksfh9x
-
MD5
f0ebf400902cbefaeb71637492fbbe00
-
SHA1
0f33800facf3f40d53f704fb26a53bc4c5b6231c
-
SHA256
de4a0486d3e7a72ed3ffc6675e3ca91dd0db80e84845ccec460ee0f3a3d7096d
-
SHA512
c4a32b4d208e7755f9c5aafa4855812eb49a5c25a1fa39cfe44b47909d61697dc4d0bd7ed0622fa895f604da548d39feb3149699e6c7d330daf99176089439cf
-
SSDEEP
98304:EkJf20977Z3/AMWo3xVAPAAYVKOoSHdIGr1Clo7sbSXFT:EkJu09R4MWoBVjAYVKOTdwAsb4l
Malware Config
Targets
-
-
Target
de4a0486d3e7a72ed3ffc6675e3ca91dd0db80e84845ccec460ee0f3a3d7096d
-
Size
4.0MB
-
MD5
f0ebf400902cbefaeb71637492fbbe00
-
SHA1
0f33800facf3f40d53f704fb26a53bc4c5b6231c
-
SHA256
de4a0486d3e7a72ed3ffc6675e3ca91dd0db80e84845ccec460ee0f3a3d7096d
-
SHA512
c4a32b4d208e7755f9c5aafa4855812eb49a5c25a1fa39cfe44b47909d61697dc4d0bd7ed0622fa895f604da548d39feb3149699e6c7d330daf99176089439cf
-
SSDEEP
98304:EkJf20977Z3/AMWo3xVAPAAYVKOoSHdIGr1Clo7sbSXFT:EkJu09R4MWoBVjAYVKOTdwAsb4l
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-