General
- Target: 1833d7fb6a31928e5af15de08640a993598d3335a7893807ed21a5e075b1b48c
- Size: 3MB
- Sample: 230202-vb9rraee6y
- MD5: b7c494f516b0b4e3646ceeb07ff0f3bd
- SHA1: 153feb9c47d668600ad9770898b03227467719d2
- SHA256: 1833d7fb6a31928e5af15de08640a993598d3335a7893807ed21a5e075b1b48c
- SHA512: f1fb618d9f243c23b3a6fd8ddcbd6c090eb91a0c82a3069b0b79afee674217d0e2b8408a1b1eb0badfbb9505b99de6936d324b7f8db6ea7648a9ac832c9d5318
- SSDEEP: 98304:TorSjpqCjRWs+aS/uZR88eK2ShU0NCUFSNTEaxJepw5ZV/iBQ1v:TfjphtWs+aS/udeLShU0VYTqqxiK
Static task: static1
Malware Config
Targets
- Target: 1833d7fb6a31928e5af15de08640a993598d3335a7893807ed21a5e075b1b48c
Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Matrix
Tactics: Collection | Command and Control | Credential Access | Defense Evasion | Discovery | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Privilege Escalation