General
-
Target
06ae11f3d4553e0d935e56e1819d21a85fedfb38398e2c137c86b3b73c0ed847
-
Size
4.1MB
-
Sample
230330-xefzysfc7v
-
MD5
3852f258eb7b6eec405dbd5c884944fd
-
SHA1
e193315762a4aef7c97b39a28b2bcde4eb50aa20
-
SHA256
06ae11f3d4553e0d935e56e1819d21a85fedfb38398e2c137c86b3b73c0ed847
-
SHA512
30e986fd033a9a65f424f0a291a1bec5242800f20830f63e9b0b6d4a3cbfccea5b5a2a6069fd42699314f709d9a01e5a40feca339ed68bfc7870fe869ed03224
-
SSDEEP
98304:1JZFyOiBWtKe1mG2XorytaK1NNu2pIfVAEJ0GWVjz1AOULyv5+ad385+Tdpx:1DEOiBWsaN2X1aK1vuWAGxAFY38iV
Malware Config
Targets
-
-
Target
06ae11f3d4553e0d935e56e1819d21a85fedfb38398e2c137c86b3b73c0ed847
-
Size
4.1MB
-
MD5
3852f258eb7b6eec405dbd5c884944fd
-
SHA1
e193315762a4aef7c97b39a28b2bcde4eb50aa20
-
SHA256
06ae11f3d4553e0d935e56e1819d21a85fedfb38398e2c137c86b3b73c0ed847
-
SHA512
30e986fd033a9a65f424f0a291a1bec5242800f20830f63e9b0b6d4a3cbfccea5b5a2a6069fd42699314f709d9a01e5a40feca339ed68bfc7870fe869ed03224
-
SSDEEP
98304:1JZFyOiBWtKe1mG2XorytaK1NNu2pIfVAEJ0GWVjz1AOULyv5+ad385+Tdpx:1DEOiBWsaN2X1aK1vuWAGxAFY38iV
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-