General
Target: 7fc9762b88c67839031f5eaa6a8998b11ddfb29818b4e8f57ef49943ebe98a25
Size: 4MB
Sample: 230201-zvfegacb86
MD5: 3bc0a894dc99352751812af09471b4d8
SHA1: 064182d9f96de1b090ac7a38962305e6573aa611
SHA256: 7fc9762b88c67839031f5eaa6a8998b11ddfb29818b4e8f57ef49943ebe98a25
SHA512: 4dca9b828871e081852ba4026bad3ac3e21f7e176121280f889b1fb1e31bcdf40e495745a803fcbd00dc0cd5deaa734cfa8b02260e0c46cf76d1eb954330411b
SSDEEP: 98304:tLKvZMtw66uUIzMQ5HHHNvZG+1RKlGdq2UNT2uF5gk:t+6cJIzMQ5HHHJX7dqn6uF5gk
Static task
static1
Malware Config
Targets
Target: 7fc9762b88c67839031f5eaa6a8998b11ddfb29818b4e8f57ef49943ebe98a25
Size: 4MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General)
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation