General
-
Target
917b324bf224406c7b3229aff0bc90460ac431b984e661d1f4e760b3d8549896
-
Size
4.1MB
-
Sample
230127-sh37fadc7v
-
MD5
0b20d45000efa951190e51c206b78400
-
SHA1
08d4fb104c390c697d401115d5d0c924ab73e6b3
-
SHA256
917b324bf224406c7b3229aff0bc90460ac431b984e661d1f4e760b3d8549896
-
SHA512
2e7a807e280430cee8097f8285fb761cebf1cda190783ab77e7ab154488bf03472a0d722a79f538f2e86d92a9ecf294ae53559440be57fb747f64eeb2c5e000e
-
SSDEEP
98304:7Nm7DmHCitZOc0p84hHeMpJXjHDnL9npC/61BmDFlGA1G7:5m7vEZ1fM/rf9npA61IFlZw
Static task
static1
Malware Config
Targets
-
Target
917b324bf224406c7b3229aff0bc90460ac431b984e661d1f4e760b3d8549896
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-