General
-
Target
c461b75c3886311612083976b4dea38f4a241a2f95b7844c8cafd242ce747fab
-
Size
4.0MB
-
Sample
230203-vhe6qagb82
-
MD5
9d32ac007d637c90f32bb472d7a890cb
-
SHA1
eb7ce2145bee1f143b8ead1d5cc1def882df6c96
-
SHA256
c461b75c3886311612083976b4dea38f4a241a2f95b7844c8cafd242ce747fab
-
SHA512
eb569cf6c36f39b1a06700b442b431bd83ba40d5e1ee19d631f457565b54b042ef80b7511cd2914369a8be39869e4d0e03d992a1027663d531735a8cc06ebfe1
-
SSDEEP
98304:QNTB01MdPAIJl0nUKsyE0/z5P3hXlzGVamuONuTrpuwJFJbmJxBafb61:QNTBX57yIc9JXlqVamuyKuwJb0WTe
Malware Config
Targets
-
-
Target
c461b75c3886311612083976b4dea38f4a241a2f95b7844c8cafd242ce747fab
-
Size
4.0MB
-
MD5
9d32ac007d637c90f32bb472d7a890cb
-
SHA1
eb7ce2145bee1f143b8ead1d5cc1def882df6c96
-
SHA256
c461b75c3886311612083976b4dea38f4a241a2f95b7844c8cafd242ce747fab
-
SHA512
eb569cf6c36f39b1a06700b442b431bd83ba40d5e1ee19d631f457565b54b042ef80b7511cd2914369a8be39869e4d0e03d992a1027663d531735a8cc06ebfe1
-
SSDEEP
98304:QNTB01MdPAIJl0nUKsyE0/z5P3hXlzGVamuONuTrpuwJFJbmJxBafb61:QNTBX57yIc9JXlqVamuyKuwJb0WTe
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-