General
-
Target
04077f536d5f0997897dfc4d8d4a705a98aa1eb7d2cced68058f25b048d9f2ab
-
Size
4.1MB
-
Sample
230331-jz58pagh85
-
MD5
ab2decb1021f020c883da27ebbcce62d
-
SHA1
bed3fcd5536da95a97749d7c3017900cb8bb6947
-
SHA256
04077f536d5f0997897dfc4d8d4a705a98aa1eb7d2cced68058f25b048d9f2ab
-
SHA512
86be7df00243fff90b8ba08d8c21082d50a29df23f2adf1144fe76352fa18ccc8dc8135178da83ac12a052d6bac1bf53cc420d4162bed9c538fc6c8359a8ff80
-
SSDEEP
98304:9fxIObgGKYbG9eLPUr0Mrrx6xvF/wVcAdC09q:9xAGK9CUr0Mfx0vwA0Y
Malware Config
Targets
-
-
Target
04077f536d5f0997897dfc4d8d4a705a98aa1eb7d2cced68058f25b048d9f2ab
-
Size
4.1MB
-
MD5
ab2decb1021f020c883da27ebbcce62d
-
SHA1
bed3fcd5536da95a97749d7c3017900cb8bb6947
-
SHA256
04077f536d5f0997897dfc4d8d4a705a98aa1eb7d2cced68058f25b048d9f2ab
-
SHA512
86be7df00243fff90b8ba08d8c21082d50a29df23f2adf1144fe76352fa18ccc8dc8135178da83ac12a052d6bac1bf53cc420d4162bed9c538fc6c8359a8ff80
-
SSDEEP
98304:9fxIObgGKYbG9eLPUr0Mrrx6xvF/wVcAdC09q:9xAGK9CUr0Mfx0vwA0Y
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-