General
- Target: 23ddf8b253fd368089ef9ff25cabaf58d8af309be9d586c4f7bcf2fd3b333d19
- Size: 4.1MB
- Sample: 230312-1mk6esfe59
- MD5: f23673ee41f590a86b6bec8a6cf8b2cd
- SHA1: 8b05f1599aa8950064599c7a0f72bdea06bc543a
- SHA256: 23ddf8b253fd368089ef9ff25cabaf58d8af309be9d586c4f7bcf2fd3b333d19
- SHA512: d5078a7098f562dcf99b0aed815ecdd82186c5c8a257b38973fb63bdf8309bb06f08b4cfd37b9298bf63cb4e5b6c192954ea1eda923c685e770b9c8046d508ee
- SSDEEP: 98304:FmC+o57TxAzD4ynmuUxoEFNyZYu1XBNTb2n6z4:NTxukWU8Zj1XPTI60
Static task
static1
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2