General
-
Target
5ddcc10be17efb5bd5187ab0eb81fdb719c42fdbd3f61e5d3f2fe3217ac58274
-
Size
4.1MB
-
Sample
221202-ghnafahe93
-
MD5
45934bda32fc45775d4aa71c127f25c5
-
SHA1
ef0fd2ef7da5890548dda223b1390fa6fb5f5667
-
SHA256
5ddcc10be17efb5bd5187ab0eb81fdb719c42fdbd3f61e5d3f2fe3217ac58274
-
SHA512
661fdeb76c0bcfef0ce934078b4f22e42b2fdefc27c5a9c1e7dab778765c56dbb6fbdf8e749197d1da7b2bcc70cba86f9c86c01a04f66f9a26d5badfef1a1653
-
SSDEEP
98304:uCuDvNM85ITm/CZiRiTgzqLcB5yp6fLO+vYKuHC8j5rqeYq:uzbNJ5ITmKURiWq05oQO+9urjpq2
Malware Config
Targets
-
-
Target
5ddcc10be17efb5bd5187ab0eb81fdb719c42fdbd3f61e5d3f2fe3217ac58274
-
Size
4.1MB
-
MD5
45934bda32fc45775d4aa71c127f25c5
-
SHA1
ef0fd2ef7da5890548dda223b1390fa6fb5f5667
-
SHA256
5ddcc10be17efb5bd5187ab0eb81fdb719c42fdbd3f61e5d3f2fe3217ac58274
-
SHA512
661fdeb76c0bcfef0ce934078b4f22e42b2fdefc27c5a9c1e7dab778765c56dbb6fbdf8e749197d1da7b2bcc70cba86f9c86c01a04f66f9a26d5badfef1a1653
-
SSDEEP
98304:uCuDvNM85ITm/CZiRiTgzqLcB5yp6fLO+vYKuHC8j5rqeYq:uzbNJ5ITmKURiWq05oQO+9urjpq2
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-