General
-
Target
8e345625afcf21d70f9932b4b2f69ca08bdc405576f9585eb27f2978bb4038d0
-
Size
4.1MB
-
Sample
230327-1jybkshd5w
-
MD5
0482b9930bc8b94c7db772a4cdb34619
-
SHA1
b7f0384110874d1a4508895ee575640afb84b5c1
-
SHA256
8e345625afcf21d70f9932b4b2f69ca08bdc405576f9585eb27f2978bb4038d0
-
SHA512
46b3fd0e1410582e5333653d6911bc327074791d31fa2e979f0cb25d4c89b4b2d7a8f85a233ce97ecd01ba302fe647cbc450e4a77678ba0a20eb2085db5a9b17
-
SSDEEP
98304:hsga/db54hpOTZGP3wo0ZMln15HTLEPxA/IhAljsmV:hsga/1gj04zaA/Io7
Malware Config
Targets
-
-
Target
8e345625afcf21d70f9932b4b2f69ca08bdc405576f9585eb27f2978bb4038d0
-
Size
4.1MB
-
MD5
0482b9930bc8b94c7db772a4cdb34619
-
SHA1
b7f0384110874d1a4508895ee575640afb84b5c1
-
SHA256
8e345625afcf21d70f9932b4b2f69ca08bdc405576f9585eb27f2978bb4038d0
-
SHA512
46b3fd0e1410582e5333653d6911bc327074791d31fa2e979f0cb25d4c89b4b2d7a8f85a233ce97ecd01ba302fe647cbc450e4a77678ba0a20eb2085db5a9b17
-
SSDEEP
98304:hsga/db54hpOTZGP3wo0ZMln15HTLEPxA/IhAljsmV:hsga/1gj04zaA/Io7
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-