General
-
Target
a25b9b66ef7916b32260ec964ef317f302de24b498290cef3399e1c38da792ad
-
Size
3MB
-
Sample
230203-a7g2dshd64
-
MD5
ca49b8da21d25386180738d26a7d12e1
-
SHA1
af00c5c02a8857442c93d9786c89b0847fc83f62
-
SHA256
a25b9b66ef7916b32260ec964ef317f302de24b498290cef3399e1c38da792ad
-
SHA512
a11bf9a58c45c4f8a52c3c7a3da555a5a0b217e878193c4fbda977515bd007f43b5fde341779189979df8c0696a8d5a83dabc7a32dcea9986b8d5c8d6fa96b84
-
SSDEEP
98304:5AEP08IlO5HIyHblLw4/BP/sCf9zhVR3d5BVBo9QdBKJUYF86xED:5c8EO5HIy79V/dFWJi
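Before working from this report, confirm that a locally obtained copy is really the file it describes. The following PowerShell is an added example, not part of the sandbox report; `$SamplePath` is an assumed location, and the digests are copied from the General section above. `Get-FileHash` does not compute SSDEEP, so the fuzzy hash is not checked here and needs a separate tool.

```powershell
# Added example, not part of the sandbox report: confirm that a locally obtained copy
# matches the digests the report lists before it is handled further. $SamplePath is
# an assumption; the digests are copied from the report's General section.
$SamplePath = 'C:\samples\a25b9b66ef7916b32260ec964ef317f302de24b498290cef3399e1c38da792ad.bin'

$ReportDigests = @{
    MD5    = 'ca49b8da21d25386180738d26a7d12e1'
    SHA1   = 'af00c5c02a8857442c93d9786c89b0847fc83f62'
    SHA256 = 'a25b9b66ef7916b32260ec964ef317f302de24b498290cef3399e1c38da792ad'
    SHA512 = 'a11bf9a58c45c4f8a52c3c7a3da555a5a0b217e878193c4fbda977515bd007f43b5fde341779189979df8c0696a8d5a83dabc7a32dcea9986b8d5c8d6fa96b84'
}

function Test-SampleDigests {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [hashtable]$Expected
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Sample not found: $Path" }

    # One result object per algorithm, so a single wrong digest is visible on its own.
    foreach ($alg in 'MD5', 'SHA1', 'SHA256', 'SHA512') {
        if (-not $Expected.ContainsKey($alg)) { continue }
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLowerInvariant()
        [pscustomobject]@{
            Algorithm = $alg
            Match     = ($actual -eq $Expected[$alg].ToLowerInvariant())
            Actual    = $actual
        }
    }
}

$results = Test-SampleDigests -Path $SamplePath -Expected $ReportDigests
$results | Format-Table -AutoSize

# The report rounds the size to 3MB and does not give the exact byte count, so this
# is only a plausibility check, not a match.
$sizeMB = [math]::Round((Get-Item -LiteralPath $SamplePath).Length / 1MB, 2)
Write-Host "Size on disk: $sizeMB MB (report says 3MB)"

if ($results | Where-Object { -not $_.Match }) {
    Write-Warning 'Digest mismatch: this file is not the sample the report describes; do not apply the report to it.'
} else {
    Write-Host 'All digests match the report.'
}
```

A mismatch on any single algorithm is enough to reject the copy; the per-algorithm output makes it obvious when, for example, only an MD5 was pasted from a different source.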
Static task
static1
Malware Config
Targets
-
-
Target
a25b9b66ef7916b32260ec964ef317f302de24b498290cef3399e1c38da792ad
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
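The signatures above describe host-visible behaviour that can be checked on a machine suspected of having run the sample. The following PowerShell is an added triage example, not part of the sandbox report and not the sample's own code; the list of user-writable directories treated as suspicious, the use of an empty DisplayGroup to pick out custom firewall rules, and the seven-day look-back are assumptions of this example, not indicators the report provides. It also enumerates the same Uninstall entries the "Checks installed software" signature refers to, to show what that lookup returns to the malware. Run it as an administrator.

```powershell
# Added triage example, not part of the sandbox report. Checks a Windows host for the
# behaviours the report's signatures name, and shows what the Uninstall-key lookup
# returns. The suspicious-directory heuristic and the custom-rule heuristic below are
# assumptions of this example, not facts from the report.

# 1. "Adds Run key to start application": list Run/RunOnce values and flag commands
#    that point into user-writable directories (heuristic, not a report indicator).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$SuspiciousDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC, 'C:\ProgramData') | Where-Object { $_ }
$ProviderProps  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunKeyEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($ProviderProps -contains $p.Name) { continue }   # skip provider metadata
            $cmd = [string]$p.Value
            $suspicious = $false
            foreach ($d in $SuspiciousDirs) {
                if ($cmd.IndexOf($d, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) { $suspicious = $true }
            }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Suspicious = $suspicious }
        }
    }
}

# 2. "Modifies Windows Firewall": rule additions/changes from the firewall operational
#    log (2004 = rule added, 2005 = rule modified, 2003 = profile setting changed),
#    profiles that have been switched off, and enabled rules with no DisplayGroup,
#    which is where hand-made or malware-made rules usually land (heuristic).
function Get-FirewallChanges {
    param([int]$Days = 7)
    $log = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 2003, 2004, 2005; StartTime = (Get-Date).AddDays(-$Days) } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

function Get-CustomFirewallRules {
    Get-NetFirewallRule -Enabled True | Where-Object { -not $_.DisplayGroup } | ForEach-Object {
        $program = ($_ | Get-NetFirewallApplicationFilter).Program
        [pscustomobject]@{ Name = $_.DisplayName; Direction = $_.Direction; Action = $_.Action; Program = $program }
    }
}

# 3. "Checks installed software on the system": the same Uninstall entries the sample
#    reads. Security products and analysis tools register here too, which is why
#    malware enumerates it.
function Get-UninstallEntries {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation, PSChildName
}

Write-Host '== Run keys (Suspicious first) =='
Get-RunKeyEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap

Write-Host '== Firewall profile state =='
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize

Write-Host '== Firewall rule changes (last 7 days) =='
Get-FirewallChanges | Format-Table -AutoSize -Wrap

Write-Host '== Enabled rules without a DisplayGroup =='
Get-CustomFirewallRules | Format-Table -AutoSize

Write-Host '== Uninstall entries visible to the sample =='
Get-UninstallEntries | Sort-Object DisplayName | Format-Table -AutoSize
```

The Run-key and firewall checks are hunting aids, not proof: a flagged entry still has to be tied to this sample by path, digest or timing, and the report gives no registry value names, rule names or hosting URLs to match on directly. The Uninstall listing is there to show the analyst what a read of those keys discloses; registry reads of that kind are not logged by default, so the signature is observable in a sandbox but usually not in host telemetry.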
MITRE ATT&CK Matrix (tactic columns only; no technique cells are present): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation