General
-
Target
7da732bfc81ced9b8ca90fb3975501603832315c67f2c367a744e281f787d956
-
Size
4.0MB
-
Sample
230130-mmlv3abf6w
-
MD5
1c9d69dfe00d64a0e1358f682241edc7
-
SHA1
dc8eb5b0ba762235a2b5935c0ce5ad054bfbcb7a
-
SHA256
7da732bfc81ced9b8ca90fb3975501603832315c67f2c367a744e281f787d956
-
SHA512
7d4d8170de51080ce69e616b0d6bcf2d709c6d23af61a8b8343c06ea625f489385f14f8d1b0902cf6ca2356533ae3968c19402295a9f846bbcba6ede61e284ec
-
SSDEEP
98304:WdOL4/uZgGtCU1Jw2jOpNiTKWTrgdBWwIGF2K:KOLqSgxkw2jO+TKWv6UC
Static task
static1
Malware Config
Targets
-
-
Target
7da732bfc81ced9b8ca90fb3975501603832315c67f2c367a744e281f787d956
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-