General
-
Target
f96c19c8c934e6cc6645304078f7b2c24969832918e31999fcf75e8447f487a5
-
Size
4.2MB
-
Sample
230202-vw421agd5w
-
MD5
ec7335e1150a4b91c655db53b3cc7260
-
SHA1
911f163da90a2e25660ca38e9492907f20406126
-
SHA256
f96c19c8c934e6cc6645304078f7b2c24969832918e31999fcf75e8447f487a5
-
SHA512
4261cc1724d867bb8efd95265d24638d2fb32a2d6a1c22e2b49b89a1df2ceadee2a59e92350b8ff4e2a3dda7d435784344999e5fa367126a60884760b7b28e92
-
SSDEEP
98304:5foflnI/gx3QUZTRzDrqIeKSsp++PY4DaUKLjWhfSsGwjxyZqb7x:NYlnGSQUZ3epsppPYLr/KffXjxXx
Malware Config
Targets
-
-
Target
f96c19c8c934e6cc6645304078f7b2c24969832918e31999fcf75e8447f487a5
-
Size
4.2MB
-
MD5
ec7335e1150a4b91c655db53b3cc7260
-
SHA1
911f163da90a2e25660ca38e9492907f20406126
-
SHA256
f96c19c8c934e6cc6645304078f7b2c24969832918e31999fcf75e8447f487a5
-
SHA512
4261cc1724d867bb8efd95265d24638d2fb32a2d6a1c22e2b49b89a1df2ceadee2a59e92350b8ff4e2a3dda7d435784344999e5fa367126a60884760b7b28e92
-
SSDEEP
98304:5foflnI/gx3QUZTRzDrqIeKSsp++PY4DaUKLjWhfSsGwjxyZqb7x:NYlnGSQUZ3epsppPYLr/KffXjxXx
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-