General
-
Target
770575551e535787acf86c67a5a03dc4e278ee1806fbacfbce7250e1c585539d
-
Size
4.1MB
-
Sample
230319-17jhbscd8y
-
MD5
cb643b18e16d73f6ccb585bde07442b0
-
SHA1
16cc850176c67edcc5e6fbd98e79c7a58a34e0f9
-
SHA256
770575551e535787acf86c67a5a03dc4e278ee1806fbacfbce7250e1c585539d
-
SHA512
d2b95c7f0094c67fcfa3d81f39e51958d1b56b7557b5790621b5748abbaaf3955ffcca31debb5985d60dd16b1f0e4ba8e30a07108d49f2c7e783e286ce2bd4cf
-
SSDEEP
49152:a/pHutSjj/FX6725Lm+e1Df2y3u6r7AOQlL1M2+a4pwxQnz6Yydw6LyxmEVEcLvB:a/puaUN3u6QUdDcdPGxRG5hksjE4YVN3
Static task
static1
Malware Config
Targets
-
-
Target
770575551e535787acf86c67a5a03dc4e278ee1806fbacfbce7250e1c585539d
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-