General
-
Target
d08f2a62455a59327aa57c8f49fe4a2db341f33c11392482a737eea1793fb271
-
Size
4.1MB
-
Sample
230201-q32s1ahf33
-
MD5
1e30e8b2bdc5f1b90843e4be86975988
-
SHA1
8e33d429510d3f0161f6528a9fcfa6d231921952
-
SHA256
d08f2a62455a59327aa57c8f49fe4a2db341f33c11392482a737eea1793fb271
-
SHA512
c7d24e1f3e0f9da1a8f661d3945dd140cdc1f58f06e46f7c44d88998ffd721850677d68d7212fb141097462b1ca8e438c5f57ccbca8d2d8d161598e7caf0861b
-
SSDEEP
98304:H6fyeZOkSsXCJDxp7vbPmU2t0bQU77LS5iWoBjdXw1FywH41vm:H6f3ZOkSsSJbX2t0b177m5v4jG1FTP
Malware Config
Targets
-
-
Target
d08f2a62455a59327aa57c8f49fe4a2db341f33c11392482a737eea1793fb271
-
Size
4.1MB
-
MD5
1e30e8b2bdc5f1b90843e4be86975988
-
SHA1
8e33d429510d3f0161f6528a9fcfa6d231921952
-
SHA256
d08f2a62455a59327aa57c8f49fe4a2db341f33c11392482a737eea1793fb271
-
SHA512
c7d24e1f3e0f9da1a8f661d3945dd140cdc1f58f06e46f7c44d88998ffd721850677d68d7212fb141097462b1ca8e438c5f57ccbca8d2d8d161598e7caf0861b
-
SSDEEP
98304:H6fyeZOkSsXCJDxp7vbPmU2t0bQU77LS5iWoBjdXw1FywH41vm:H6f3ZOkSsSJbX2t0b177m5v4jG1FTP
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-