General
-
Target
62a0f8915a44ff3da03f1794f10f63d7742c999dd63fd7223e7ff35ad307eb88
-
Size
4.1MB
-
Sample
230329-zmah9ahh44
-
MD5
68bd1b20ece30ca2e2179e78d0bed76a
-
SHA1
5c0e13949867066e2e24d2b93f62a1731f7dcace
-
SHA256
62a0f8915a44ff3da03f1794f10f63d7742c999dd63fd7223e7ff35ad307eb88
-
SHA512
afb16be5f5318da696e02a997e66f5158d1914455967e67ef6b68344257334b62ac59fd2a3e901e3840932143d0bea1fc5dc9532267cba0c1e14c31cea8d6a64
-
SSDEEP
98304:IRWvg59g96oc7BXtKAUGpUS2PKiF3NSQtYeRY/83Jho:qGD96571tKBdkiFNt5/Q
Malware Config
Targets
-
-
Target
62a0f8915a44ff3da03f1794f10f63d7742c999dd63fd7223e7ff35ad307eb88
-
Size
4.1MB
-
MD5
68bd1b20ece30ca2e2179e78d0bed76a
-
SHA1
5c0e13949867066e2e24d2b93f62a1731f7dcace
-
SHA256
62a0f8915a44ff3da03f1794f10f63d7742c999dd63fd7223e7ff35ad307eb88
-
SHA512
afb16be5f5318da696e02a997e66f5158d1914455967e67ef6b68344257334b62ac59fd2a3e901e3840932143d0bea1fc5dc9532267cba0c1e14c31cea8d6a64
-
SSDEEP
98304:IRWvg59g96oc7BXtKAUGpUS2PKiF3NSQtYeRY/83Jho:qGD96571tKBdkiFNt5/Q
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-