General
- Target: 23e94e3b7384a4e08ca5eb3df65320159d11ee12acbae28b8df1a50fdaec3d1f
- Size: 4MB
- Sample: 230202-zl3hmsff62
- MD5: cec8527a4141de64f8bbfb7cebcf63b8
- SHA1: 7f11873dad6d2970440b054d47bf740bf27fffe6
- SHA256: 23e94e3b7384a4e08ca5eb3df65320159d11ee12acbae28b8df1a50fdaec3d1f
- SHA512: 10fa63076f4ebbd08d3cdf134d60ec17dea040313a989ea281be394dee2b59e7158dbfa76a1161f4e82d93f32c5f0fe5088756eb7f8b874da1138823ec2e335f
- SSDEEP: 98304:6telLDUkO9sPk0KAhDY6LKk1S/Ej2gjwm5RFle5:++/UkRPTXLK4Rj2gkm5I5
Static task: static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation