General
Target: 501baa36bfeea77500759af2f6f565047545224d648d9ff08df6cd9c6f145687
Size: 3MB
Sample: 230202-vkctdaef4v
MD5: 9aa55150147d88acf2c341a37a2bda07
SHA1: e4ab6a595f5329bf44da134fe2e0285e1c6ea346
SHA256: 501baa36bfeea77500759af2f6f565047545224d648d9ff08df6cd9c6f145687
SHA512: 36efdcd6badff6efb41586e6d650546f1a92c44cd1c0676206745a38ae51839706623d922bead35a89920abf15dea1bad5d9b9a66727150f769235e2202ede94
SSDEEP: 98304:Im7WTQTvr/ZyEza7Zl5dQUmp6wPih2/o2Qm:IQvLjZrzuZl5c6wPiw/Rt
Static task
static1
Malware Config
Targets
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.