General
-
Target
5a6853f829446f25fa1eb6f2ce7becdec4391499f877ab99c9e970f716e9828a
-
Size
4.1MB
-
Sample
230128-z9gwvaab2z
-
MD5
4e68447482cb9f6ed313666f99d1f16a
-
SHA1
0a5a8a0f868a0cf7633717a88cefe40b2814924f
-
SHA256
5a6853f829446f25fa1eb6f2ce7becdec4391499f877ab99c9e970f716e9828a
-
SHA512
3cca46730ee90ae0b7f638aa512cc8cd8b14ceebb5eac72f46e19989e1165f317c468a800293670094835ad09d05938ebdde0c2adf3d1ef089ca8c38033d48aa
-
SSDEEP
98304:LnA6Nzgkpu1YiCPL2q+9zfEuZBbp7RQjRY3d1bt1dYG4Xy1w1:LNNzC1YiCJ+xZxQjCYf
Malware Config
Targets
-
-
Target
5a6853f829446f25fa1eb6f2ce7becdec4391499f877ab99c9e970f716e9828a
-
Size
4.1MB
-
MD5
4e68447482cb9f6ed313666f99d1f16a
-
SHA1
0a5a8a0f868a0cf7633717a88cefe40b2814924f
-
SHA256
5a6853f829446f25fa1eb6f2ce7becdec4391499f877ab99c9e970f716e9828a
-
SHA512
3cca46730ee90ae0b7f638aa512cc8cd8b14ceebb5eac72f46e19989e1165f317c468a800293670094835ad09d05938ebdde0c2adf3d1ef089ca8c38033d48aa
-
SSDEEP
98304:LnA6Nzgkpu1YiCPL2q+9zfEuZBbp7RQjRY3d1bt1dYG4Xy1w1:LNNzC1YiCJ+xZxQjCYf
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-