General
Target: b369520368d64a9485f680ef4e65e5bab9b26571ff81721960f70bdcae75c7ca
Size: 4.2MB
Sample: 230309-qqxzaabe3x
MD5: af590bf9768f5747a3a058028e26bb5b
SHA1: 1240789f6911a3249b3134af36237eba626f6a52
SHA256: b369520368d64a9485f680ef4e65e5bab9b26571ff81721960f70bdcae75c7ca
SHA512: 22c5b972477d282488b3f1fc2b7fbee0ced62631d673905b24a497d6a133dcfa1ab00915ebf72d29fe84b9af89799e7dbe512009aa81ea19f68727d203fc04bf
SSDEEP: 98304:FOlPLOGFGOXP74gNIJvJ6eL9QaC96kvavpnY5AdJ6nwHWzV/:FONvGOXMwIBAeL9QaC9inY5AdrHWzh
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-