General
-
Target
ca6ccfeb0d17106ad054bffe0d323065d46f564925ee25475814266c1fc5f424
-
Size
4.1MB
-
Sample
230204-kv97hsch99
-
MD5
6790db9ab628acb05b46a63eb196f649
-
SHA1
27343fadf889e4b73f9096398fc02c159fb1dd6d
-
SHA256
ca6ccfeb0d17106ad054bffe0d323065d46f564925ee25475814266c1fc5f424
-
SHA512
f149ed1a38fab6931b13ef3f200e1a866b5ebaf6aaeef0d0fa69d0f12b5ed2e4fa3c6037dc6a65e71c67489b1d42b061c69d0a43d9250e17dfdf6d2008d76645
-
SSDEEP
98304:6naglCFcZHa/NtE1dYNUIFFBMEII15m4WNmsZngw37:6nag0q2tEHSUIFFHgPngw
Malware Config
Targets
-
-
Target
ca6ccfeb0d17106ad054bffe0d323065d46f564925ee25475814266c1fc5f424
-
Size
4.1MB
-
MD5
6790db9ab628acb05b46a63eb196f649
-
SHA1
27343fadf889e4b73f9096398fc02c159fb1dd6d
-
SHA256
ca6ccfeb0d17106ad054bffe0d323065d46f564925ee25475814266c1fc5f424
-
SHA512
f149ed1a38fab6931b13ef3f200e1a866b5ebaf6aaeef0d0fa69d0f12b5ed2e4fa3c6037dc6a65e71c67489b1d42b061c69d0a43d9250e17dfdf6d2008d76645
-
SSDEEP
98304:6naglCFcZHa/NtE1dYNUIFFBMEII15m4WNmsZngw37:6nag0q2tEHSUIFFHgPngw
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-