General
-
Target
8d4cf5db6f4c8f127e54442ce8ca74670ffe64b304c6bc93c8648d0792fa7990
-
Size
4.1MB
-
Sample
230131-y34atsca9t
-
MD5
dca4d95d96153f66c493696ac564ef42
-
SHA1
9710719d6b895e7fc27f2bb9d4bd1fab68aee17f
-
SHA256
8d4cf5db6f4c8f127e54442ce8ca74670ffe64b304c6bc93c8648d0792fa7990
-
SHA512
5d29f04e5780b82a16fe909f25c6e9f2699bb1d8d9174a1661d03f1822355d9108db014bc127712f7ec81cb2ce612ec0bd959380f70ff613e9d2e19a0bbd214d
-
SSDEEP
98304:6AZs8Is3Ux2NclzGImsasArZdP5jvcsL4HZWx/5pqT/X:Z6sjNclzGImsasAddPZ1O+k
Malware Config
Targets
-
-
Target
8d4cf5db6f4c8f127e54442ce8ca74670ffe64b304c6bc93c8648d0792fa7990
-
Size
4.1MB
-
MD5
dca4d95d96153f66c493696ac564ef42
-
SHA1
9710719d6b895e7fc27f2bb9d4bd1fab68aee17f
-
SHA256
8d4cf5db6f4c8f127e54442ce8ca74670ffe64b304c6bc93c8648d0792fa7990
-
SHA512
5d29f04e5780b82a16fe909f25c6e9f2699bb1d8d9174a1661d03f1822355d9108db014bc127712f7ec81cb2ce612ec0bd959380f70ff613e9d2e19a0bbd214d
-
SSDEEP
98304:6AZs8Is3Ux2NclzGImsasArZdP5jvcsL4HZWx/5pqT/X:Z6sjNclzGImsasAddPZ1O+k
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-