General
-
Target
116ddfeba115e1774a7263b8be0c12aa71851b7db2a2177c4ad54212a20a57f6
-
Size
4.0MB
-
Sample
230130-gpxsfshd88
-
MD5
75ff9e4903322c627a53ebcc13378b03
-
SHA1
a538c2d1b0413ba6c92fc5f74a4cae8cdcb852d6
-
SHA256
116ddfeba115e1774a7263b8be0c12aa71851b7db2a2177c4ad54212a20a57f6
-
SHA512
c148fd4d3fab44c2d431dce3c8ad6cb0cea68b601e81dc1a5e39de92fde1b428429ec2e38669ac67e2aa98da429c0b1c7fdcf3364e483b1f6521931ff36a10ef
-
SSDEEP
98304:E37rfveJ+kmT1wRwWdYN3H6xhxH5zew4KVKh:G7zvufM1wRXdYBUPH56mVKh
Malware Config
Targets
-
-
Target
116ddfeba115e1774a7263b8be0c12aa71851b7db2a2177c4ad54212a20a57f6
-
Size
4.0MB
-
MD5
75ff9e4903322c627a53ebcc13378b03
-
SHA1
a538c2d1b0413ba6c92fc5f74a4cae8cdcb852d6
-
SHA256
116ddfeba115e1774a7263b8be0c12aa71851b7db2a2177c4ad54212a20a57f6
-
SHA512
c148fd4d3fab44c2d431dce3c8ad6cb0cea68b601e81dc1a5e39de92fde1b428429ec2e38669ac67e2aa98da429c0b1c7fdcf3364e483b1f6521931ff36a10ef
-
SSDEEP
98304:E37rfveJ+kmT1wRwWdYN3H6xhxH5zew4KVKh:G7zvufM1wRXdYBUPH56mVKh
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-