General
-
Target
1c37457846871cd337640425d8462ccf14a15a517b382543a15147d37711a0e4
-
Size
4.0MB
-
Sample
230207-s8mblscd87
-
MD5
de1fd90e02a78961ff5abad593be0501
-
SHA1
d2bf62817dd455e2aaa7458e15392645d854140e
-
SHA256
1c37457846871cd337640425d8462ccf14a15a517b382543a15147d37711a0e4
-
SHA512
3735f1f0c04592ea8b9e115201d07130f2c711e5a72550dd1235926b71599b3e8c0f79d0573fae3750aed5789cc4ae1f32528369bdf8c2e1817872233b0a6794
-
SSDEEP
49152:9MNvexabSZTToojLB7UbO6dnx+03A71JWahrq2wQubFruTaBlQqbwxBHOn/4Zc6m:2Nv/SMoQO6JE03A71JNJ2DBR0xhH38bd
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-