General
-
Target
53f3c8200ba93c1fda75cf3da01e45b3cd353e98da72634458332dd96eef1b66
-
Size
4.1MB
-
Sample
230306-jzsycsbc28
-
MD5
a0fe686410e1f13ad16bae63c6930475
-
SHA1
b4c807867a933c4ba4273896e2c14aaf8f566e7c
-
SHA256
53f3c8200ba93c1fda75cf3da01e45b3cd353e98da72634458332dd96eef1b66
-
SHA512
00b6e05a1eefd7c70f196e1a5e74494f4a9555cfd0cb7442f77f62066f222e2d91ca4de36f72aa99e336f3f13133a674ea82356bf48959d08f2cc90ebe98652a
-
SSDEEP
98304:APK/7ar5Jz5rFQhqwyaD+UyNl848r9e4WwFN+pGeP0+bSImhnYT:APKer5VdqhriUyD848pe4W4hr7hYT
Static task
static1
Malware Config
Targets
-
Target
53f3c8200ba93c1fda75cf3da01e45b3cd353e98da72634458332dd96eef1b66
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-