General
-
Target
ba9b26d8aa9abd7bed2b42dcbf3acfbfebde1a8fd797fa3ab4c92e6f5b55dc65
-
Size
4.1MB
-
Sample
230129-1ay7hsdd63
-
MD5
3a9e0790df3ae5bfe0f1ceffc3e1e788
-
SHA1
4739a2c5c6d28452442350ab1afd86a43ede2fb9
-
SHA256
ba9b26d8aa9abd7bed2b42dcbf3acfbfebde1a8fd797fa3ab4c92e6f5b55dc65
-
SHA512
ba6bb59190824f6121b0a060b8bf740ea165f194904438556fd98d3cdc7ea829307591af21d28b9c9d7bfc86476767e266b30b83fff61fd6ac509766c1b8be38
-
SSDEEP
98304:5DuoQsO6tP6jPuZhekZZnBMvh/lzshv+1VnZxD:tuEftOEDrnwrzs5MBT
Malware Config
Targets
-
-
Target
ba9b26d8aa9abd7bed2b42dcbf3acfbfebde1a8fd797fa3ab4c92e6f5b55dc65
-
Size
4.1MB
-
MD5
3a9e0790df3ae5bfe0f1ceffc3e1e788
-
SHA1
4739a2c5c6d28452442350ab1afd86a43ede2fb9
-
SHA256
ba9b26d8aa9abd7bed2b42dcbf3acfbfebde1a8fd797fa3ab4c92e6f5b55dc65
-
SHA512
ba6bb59190824f6121b0a060b8bf740ea165f194904438556fd98d3cdc7ea829307591af21d28b9c9d7bfc86476767e266b30b83fff61fd6ac509766c1b8be38
-
SSDEEP
98304:5DuoQsO6tP6jPuZhekZZnBMvh/lzshv+1VnZxD:tuEftOEDrnwrzs5MBT
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Windows security bypass
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-