General
-
Target
a18792139933fb677f2111e8375389a1b1b341a3012b838ced19b4ce8fe59bf1
-
Size
4.0MB
-
Sample
230130-l8w3gsbe9z
-
MD5
f0bc40aaecf364ead835f7e69aa4d4c1
-
SHA1
c2cecc1bc18cf83a4537fcbc69be9710af5cb319
-
SHA256
a18792139933fb677f2111e8375389a1b1b341a3012b838ced19b4ce8fe59bf1
-
SHA512
201f8fad9f995105da47d80fe28b924b8ca09dfa787bfd61cac7937871e91184047f7c04ba3e8918b5be553c30c401ebb3335b7502291a31aac1869c9670f72a
-
SSDEEP
98304:GoalFw0ZyeRE7esgoy2qxVmJAk1a9BCzBSPvfyXjkwGO7Mq:DalFw0keRTiuMrg9ouAgJcf
Malware Config
Targets
-
-
Target
a18792139933fb677f2111e8375389a1b1b341a3012b838ced19b4ce8fe59bf1
-
Size
4.0MB
-
MD5
f0bc40aaecf364ead835f7e69aa4d4c1
-
SHA1
c2cecc1bc18cf83a4537fcbc69be9710af5cb319
-
SHA256
a18792139933fb677f2111e8375389a1b1b341a3012b838ced19b4ce8fe59bf1
-
SHA512
201f8fad9f995105da47d80fe28b924b8ca09dfa787bfd61cac7937871e91184047f7c04ba3e8918b5be553c30c401ebb3335b7502291a31aac1869c9670f72a
-
SSDEEP
98304:GoalFw0ZyeRE7esgoy2qxVmJAk1a9BCzBSPvfyXjkwGO7Mq:DalFw0keRTiuMrg9ouAgJcf
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-