General
- Target: 089606636e31a08240a5af3e7846106d6a413ea016342bc93222fd8461bc40bb
- Size: 4MB
- Sample: 230203-aygn9shc84
- MD5: 912a10d13a170a50165c84fb5703c306
- SHA1: 1c17bf4064b437feb8517f1588941a38b0941d5a
- SHA256: 089606636e31a08240a5af3e7846106d6a413ea016342bc93222fd8461bc40bb
- SHA512: 51d4d518bb8906749a106e046033262d8ec4c41cdf25a7b65bf8dc1fc5b7db3c495c0e5b65ee410b8737947589254ee090a16738d04aeac2c500d0ca70a72177
- SSDEEP: 98304:Vf59iuS/9venNrbATkRXXJKCbbsK5WY8SL/MLv:FzslGn+KJRvsK5gJ
Static task
static1
Malware Config
Targets
- Target: 089606636e31a08240a5af3e7846106d6a413ea016342bc93222fd8461bc40bb
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.