General
-
Target
a10b330aff5115e2f3fc729e35737902797602c9713c1e96b3c995d47ae90565
-
Size
4.1MB
-
Sample
230201-bbh49adb3z
-
MD5
a3f2e8137b8748a10760dfaa9f8739be
-
SHA1
e817f6f445cf4c423a1a13fe49221237771ae6d6
-
SHA256
a10b330aff5115e2f3fc729e35737902797602c9713c1e96b3c995d47ae90565
-
SHA512
6775f9e7b0b0382336471dc14f2440c08dac75f42a6fd0a0be0905b82b719bef52d96878c2cfa8cb3ffa29f539b0e151c33eeb105f4ffb6e6b3a5598a0f75a48
-
SSDEEP
98304:rPiG3d5il2l8pCrcfzNlt7+i6I2BiezZYW9Jlak7Jk:rPd0l2GpC4plgE43YW9JIP
Malware Config
Targets
-
-
Target
a10b330aff5115e2f3fc729e35737902797602c9713c1e96b3c995d47ae90565
-
Size
4.1MB
-
MD5
a3f2e8137b8748a10760dfaa9f8739be
-
SHA1
e817f6f445cf4c423a1a13fe49221237771ae6d6
-
SHA256
a10b330aff5115e2f3fc729e35737902797602c9713c1e96b3c995d47ae90565
-
SHA512
6775f9e7b0b0382336471dc14f2440c08dac75f42a6fd0a0be0905b82b719bef52d96878c2cfa8cb3ffa29f539b0e151c33eeb105f4ffb6e6b3a5598a0f75a48
-
SSDEEP
98304:rPiG3d5il2l8pCrcfzNlt7+i6I2BiezZYW9Jlak7Jk:rPd0l2GpC4plgE43YW9JIP
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-