General
-
Target
48fd12718345b9b563504df8980fa5689df00ddf65097623673346e1ff0388b0
-
Size
4.0MB
-
Sample
230130-rs2wpaaf93
-
MD5
233f55f2246b22dd77bb2a96fe0d9998
-
SHA1
a55c9e5108fd7abd4679873c834b536214e39945
-
SHA256
48fd12718345b9b563504df8980fa5689df00ddf65097623673346e1ff0388b0
-
SHA512
dfba272178e1c5da140d8096058225425c7de570120b0b68f3d37598b22ac48fdd6416ea7876729664241d784dd5de3f5eecb6511747c802df7e1e6d42ee70ed
-
SSDEEP
98304:WsiY6kZgb9Ciqw+IQRLQvn3VpgexCU2wEHl:WsVJZ0MiqrIwLQvnXgdFF
Malware Config
Targets
-
-
Target
48fd12718345b9b563504df8980fa5689df00ddf65097623673346e1ff0388b0
-
Size
4.0MB
-
MD5
233f55f2246b22dd77bb2a96fe0d9998
-
SHA1
a55c9e5108fd7abd4679873c834b536214e39945
-
SHA256
48fd12718345b9b563504df8980fa5689df00ddf65097623673346e1ff0388b0
-
SHA512
dfba272178e1c5da140d8096058225425c7de570120b0b68f3d37598b22ac48fdd6416ea7876729664241d784dd5de3f5eecb6511747c802df7e1e6d42ee70ed
-
SSDEEP
98304:WsiY6kZgb9Ciqw+IQRLQvn3VpgexCU2wEHl:WsVJZ0MiqrIwLQvnXgdFF
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-