General
-
Target
68e118a37dc9ca4544b023992f8ea57fa65ea2de0f2536ee1aa0a7ccdce6b1a0
-
Size
4.1MB
-
Sample
230131-zfymhaac96
-
MD5
f7e1ce3d041988cd23b019ead1b52eb6
-
SHA1
0a076bd4318915bb70594222debdc0f64f2a524c
-
SHA256
68e118a37dc9ca4544b023992f8ea57fa65ea2de0f2536ee1aa0a7ccdce6b1a0
-
SHA512
ae45ec51aeb6a76170e2daf6aa19ff43889edc36d54023f5edeff3815a2d374882509a25437ed263f01bc1de01be2ec47b0f51af0728d76a714cdef78cf8897e
-
SSDEEP
98304:40GP4TOarwWUQlPxYjIYoNuaXzNeEGaHLoxfgoF:pGP4TOarwlQl5Yj7aXzNeEGKoF3
Malware Config
Targets
-
-
Target
68e118a37dc9ca4544b023992f8ea57fa65ea2de0f2536ee1aa0a7ccdce6b1a0
-
Size
4.1MB
-
MD5
f7e1ce3d041988cd23b019ead1b52eb6
-
SHA1
0a076bd4318915bb70594222debdc0f64f2a524c
-
SHA256
68e118a37dc9ca4544b023992f8ea57fa65ea2de0f2536ee1aa0a7ccdce6b1a0
-
SHA512
ae45ec51aeb6a76170e2daf6aa19ff43889edc36d54023f5edeff3815a2d374882509a25437ed263f01bc1de01be2ec47b0f51af0728d76a714cdef78cf8897e
-
SSDEEP
98304:40GP4TOarwWUQlPxYjIYoNuaXzNeEGaHLoxfgoF:pGP4TOarwlQl5Yj7aXzNeEGKoF3
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-