General
-
Target
727d79edd8d07e01304a7374a8b94469cdc959d14706d69287bbcc541adbdaed
-
Size
4.1MB
-
Sample
230127-sjmababg74
-
MD5
ffb21e014e23450463f3b212b954f14b
-
SHA1
753051237aa1ce8ec068df0e845f3ea49f9e0e16
-
SHA256
727d79edd8d07e01304a7374a8b94469cdc959d14706d69287bbcc541adbdaed
-
SHA512
e9f3a9660bf9cb59209c3680da04419de3d65f6a45db7084f794097d79ba6855ab5e6a9a1c712d89b84eddd78e65ad5097c36f90543b0f1e2f38411db93a1073
-
SSDEEP
98304:7Nm7DmHCitZOc0p84hHeMpJXjHDnL9npC/61BmDFlGA1Go:5m7vEZ1fM/rf9npA61IFlZD
Malware Config
Targets
-
-
Target
727d79edd8d07e01304a7374a8b94469cdc959d14706d69287bbcc541adbdaed
-
Size
4.1MB
-
MD5
ffb21e014e23450463f3b212b954f14b
-
SHA1
753051237aa1ce8ec068df0e845f3ea49f9e0e16
-
SHA256
727d79edd8d07e01304a7374a8b94469cdc959d14706d69287bbcc541adbdaed
-
SHA512
e9f3a9660bf9cb59209c3680da04419de3d65f6a45db7084f794097d79ba6855ab5e6a9a1c712d89b84eddd78e65ad5097c36f90543b0f1e2f38411db93a1073
-
SSDEEP
98304:7Nm7DmHCitZOc0p84hHeMpJXjHDnL9npC/61BmDFlGA1Go:5m7vEZ1fM/rf9npA61IFlZD
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-