General
-
Target
0c82df0468ea527ceb1fea658be0447b256d9d1c0713050911a2b2baf991348e
-
Size
4.2MB
-
Sample
230313-pahzracd2w
-
MD5
1801bdcf20504e07954d3f29cfa09103
-
SHA1
a239a9f88d90bf5af26fa2e273da8cefa79fa0ee
-
SHA256
0c82df0468ea527ceb1fea658be0447b256d9d1c0713050911a2b2baf991348e
-
SHA512
af3a3a49f86ee6ad306867584ba1e6bdd7495fbfe6d347b3f0255a23d230515ff2eb26c1ef2fe81fc6fc4569733879384c96dc9b77478c7a3276cd0baf2ce64a
-
SSDEEP
98304:vfTQaK13bLGVkqWCgAARHTmawsb7BKp9EHtFMDs:vfTzK13ey3Jaawu7BK/YtaDs
Malware Config
Targets
-
-
Target
0c82df0468ea527ceb1fea658be0447b256d9d1c0713050911a2b2baf991348e
-
Size
4.2MB
-
MD5
1801bdcf20504e07954d3f29cfa09103
-
SHA1
a239a9f88d90bf5af26fa2e273da8cefa79fa0ee
-
SHA256
0c82df0468ea527ceb1fea658be0447b256d9d1c0713050911a2b2baf991348e
-
SHA512
af3a3a49f86ee6ad306867584ba1e6bdd7495fbfe6d347b3f0255a23d230515ff2eb26c1ef2fe81fc6fc4569733879384c96dc9b77478c7a3276cd0baf2ce64a
-
SSDEEP
98304:vfTQaK13bLGVkqWCgAARHTmawsb7BKp9EHtFMDs:vfTzK13ey3Jaawu7BK/YtaDs
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-