General
-
Target
8e839d8e318f36a7ee2e4d4b070862e27fc3ad93affc29bfdcad95cab8b3ae61
-
Size
4.1MB
-
Sample
230128-1a43rsgf63
-
MD5
aa8009cc6fc63a931d2f0addb1392733
-
SHA1
063939ed0b994133cbd14f9e641bf4484db0bcb0
-
SHA256
8e839d8e318f36a7ee2e4d4b070862e27fc3ad93affc29bfdcad95cab8b3ae61
-
SHA512
40549204e90f3d60dc8984acabe9e6a379005f73e1af3a61d2c0f7dc6ffa762531f870860b1cea3c3b123f9a86457b1cb6fa2a7e8e7c0617c52dadbb5547a41b
-
SSDEEP
98304:BcOSPN0ueiVcQ51kmaBVDLp+fpbFwmiNhkVQzmRGopt:BcOSPN09iVV1FstpiLxigVpJt
Malware Config
Targets
-
-
Target
8e839d8e318f36a7ee2e4d4b070862e27fc3ad93affc29bfdcad95cab8b3ae61
-
Size
4.1MB
-
MD5
aa8009cc6fc63a931d2f0addb1392733
-
SHA1
063939ed0b994133cbd14f9e641bf4484db0bcb0
-
SHA256
8e839d8e318f36a7ee2e4d4b070862e27fc3ad93affc29bfdcad95cab8b3ae61
-
SHA512
40549204e90f3d60dc8984acabe9e6a379005f73e1af3a61d2c0f7dc6ffa762531f870860b1cea3c3b123f9a86457b1cb6fa2a7e8e7c0617c52dadbb5547a41b
-
SSDEEP
98304:BcOSPN0ueiVcQ51kmaBVDLp+fpbFwmiNhkVQzmRGopt:BcOSPN09iVV1FstpiLxigVpJt
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-