General
-
Target
e968a76266922eec63735ab3a4c39431599f85dec879ca60c0b14ec30a6fbf89
-
Size
4.1MB
-
Sample
230202-gjkwpsha8t
-
MD5
54191be6326918905db45343b776ef15
-
SHA1
3e9390f6c315fc2132f1eb009aca45f0d1121024
-
SHA256
e968a76266922eec63735ab3a4c39431599f85dec879ca60c0b14ec30a6fbf89
-
SHA512
f4f33d389f4e540058638b7f7cad604b821079991193cdd51d40b9226b9365bac99e3c2e67ff94f0adbe3efa3d41f1936ca5414e38085bea87c4357be9156a29
-
SSDEEP
98304:c2WiC63QUVoC4dkRabWXp2H2LBS/2MnpALy94Gulrqb7K:cX44WabWZ2H2QvnpALym8K
Malware Config
Targets
-
-
Target
e968a76266922eec63735ab3a4c39431599f85dec879ca60c0b14ec30a6fbf89
-
Size
4.1MB
-
MD5
54191be6326918905db45343b776ef15
-
SHA1
3e9390f6c315fc2132f1eb009aca45f0d1121024
-
SHA256
e968a76266922eec63735ab3a4c39431599f85dec879ca60c0b14ec30a6fbf89
-
SHA512
f4f33d389f4e540058638b7f7cad604b821079991193cdd51d40b9226b9365bac99e3c2e67ff94f0adbe3efa3d41f1936ca5414e38085bea87c4357be9156a29
-
SSDEEP
98304:c2WiC63QUVoC4dkRabWXp2H2LBS/2MnpALy94Gulrqb7K:cX44WabWZ2H2QvnpALym8K
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-