General
Target: 96edc9a53833e577df9f53dedac2d1c08b98bce186135749e9d10c791db8aec9
Size: 4MB
Sample: 230202-vn3h7sfc3x
MD5: 0ce62574f0d9044323fd32cec2c564bd
SHA1: b84c4d7c12250e348674226284450e6bdfbd44bb
SHA256: 96edc9a53833e577df9f53dedac2d1c08b98bce186135749e9d10c791db8aec9
SHA512: d63f218f1a5bb96dab7fc20ba9e18d73460016e2bd04a063f678cc6abb97f82bf0163f6e1eb3bbeb0d62a4d8cd1234bb5f42c24d7a8c0d867a2df4c945afb4a0
SSDEEP: 98304:5foflnI/gx3QUZTRzDrqIeKSsp++PY4DaUKLjWhfSsGwjxyZqb7R:NYlnGSQUZ3epsppPYLr/KffXjxXR
Static task
static1
Malware Config
Targets
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.