General
-
Target
7695b25fe9524eb35f9de4485b480b0985175c01b86f96c1629905b9aa6f8652
-
Size
4MB
-
Sample
230202-v3nctsec49
-
MD5
301bc1aff92308244341e839e223a1a7
-
SHA1
ea3a6013c0e3cd68a312c092dde9d3965b9d54de
-
SHA256
7695b25fe9524eb35f9de4485b480b0985175c01b86f96c1629905b9aa6f8652
-
SHA512
27e7989a7c24cbe8c3c5645d936fbffe7c055fafce35d470d0ced8812767c75f838be3a683f3c0f589578e67a894022a972bedeba108e07d748194d13dca3f26
-
SSDEEP
98304:RC/oay0UtjjvmEYbQqX7o9EAxis5NYNYAOkLXq8AHA6OGY1L5mLVKqb7N:43y0CjTmEYbQqXoZUYlZcYHAn5cV5N
Static task
static1
Malware Config
Targets
-
-
Target
7695b25fe9524eb35f9de4485b480b0985175c01b86f96c1629905b9aa6f8652
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation