General
-
Target
45d712e64823a7676b41cf213b993bc708491dee7688aa9c1db0efb7dcaad280
-
Size
4.0MB
-
Sample
221201-qt3zpsfh8z
-
MD5
af8c8bccf959fb69fa2b92911eda4b1e
-
SHA1
27eab0f0358caeb8af780ac60db343098464e014
-
SHA256
45d712e64823a7676b41cf213b993bc708491dee7688aa9c1db0efb7dcaad280
-
SHA512
62c0ea0b63233d2f9c81a275e3a4ac959591b6cedcf074a4c9a06539ac6da145e2f96142a9a09cf72f3f898e089fb8a8f633f5a40a8eb107f4c29d70ae3f6b3d
-
SSDEEP
98304:t7QqQ198dUf/iiFamLv8lSYVpQv+Ph4cgUWS0A/RBMA9o2p4QQO99KJ:tDQ16HiFrLcSYY2PZgNS0ADMQhs
Malware Config
Targets
-
-
Target
45d712e64823a7676b41cf213b993bc708491dee7688aa9c1db0efb7dcaad280
-
Size
4.0MB
-
MD5
af8c8bccf959fb69fa2b92911eda4b1e
-
SHA1
27eab0f0358caeb8af780ac60db343098464e014
-
SHA256
45d712e64823a7676b41cf213b993bc708491dee7688aa9c1db0efb7dcaad280
-
SHA512
62c0ea0b63233d2f9c81a275e3a4ac959591b6cedcf074a4c9a06539ac6da145e2f96142a9a09cf72f3f898e089fb8a8f633f5a40a8eb107f4c29d70ae3f6b3d
-
SSDEEP
98304:t7QqQ198dUf/iiFamLv8lSYVpQv+Ph4cgUWS0A/RBMA9o2p4QQO99KJ:tDQ16HiFrLcSYY2PZgNS0ADMQhs
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-