General
- Target: f5080fc8269a3c8dd919e8d1dbd2ff9d6bc562c70c6429a01482236d5f29dc41
- Size: 3MB
- Sample: 230202-rdatnaee7s
- MD5: da9f8f49854878c38e95f93006bc7c19
- SHA1: 8ae980378bd2c42a24f2a6b4be2f0695a97860d6
- SHA256: f5080fc8269a3c8dd919e8d1dbd2ff9d6bc562c70c6429a01482236d5f29dc41
- SHA512: 357ff9810a8f66ebe301daf160072a5ea11a2e579b79d0a34d1b66106facb9b7e9cd045dcf4dd41dd6302e39c31c094438c2c447911504e2d274e65963a7835f
- SSDEEP: 98304:/ReGuQ8kHOnYvSKhKNLwCErpijireyuBRmsazK:/0GemSkKNLFnj2wBcm
Static task: static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix
Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation