General
Target: d5c92c2fbe4ce3afe5d4ef646f126fb71cfef64d5c483befae082b166b318f9c
Size: 4.1MB
Sample: 230328-3jkrlafe8s
MD5: b616a35ca9cfc6b5f756222f7fda1c10
SHA1: 1dc5f00c93a8f20f7d9a6d71c74c669eb36b4944
SHA256: d5c92c2fbe4ce3afe5d4ef646f126fb71cfef64d5c483befae082b166b318f9c
SHA512: 6c3f1c6234b2910243f19b4a23e06e995df6ed82ba788c5ce6efe33c26c795348d261a3b8f480782d0e5332061d6585e2a74a5163bfa3703224d6f9b7bd5c3af
SSDEEP: 98304:m7VssOaMQzxlQbp5jBumi+C/se4siECzaN6VgK:CnVZmid/seb+aN6VgK
Static task
static1
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2