General
-
Target
0e5b3b1be2c8663830f73575f6ef8c1999c268affb9b7d45be2f1b829537c296
-
Size
4.2MB
-
Sample
230508-j4xgcahe92
-
MD5
9afdf24f8c469696d26ea7feb80fbb1d
-
SHA1
6cfcdec64b33cf4ac9397f257c8271b4af802161
-
SHA256
0e5b3b1be2c8663830f73575f6ef8c1999c268affb9b7d45be2f1b829537c296
-
SHA512
abb83bd5466cb2ab82eec3f81aa26f1afbf0ff7adb51feab6f50bcfd7d0f12a4047dbdca429ed2672a07673c6ff00628df7e32c3d74286940ea7004176e3a59e
-
SSDEEP
98304:MBOiCy4F0oItSYtrL4g8/7HYj4GTCRQ+nt0wZiMZJDN:8O7FPStrkgYHYhTb+tvpN
Malware Config
Targets
-
-
Target
0e5b3b1be2c8663830f73575f6ef8c1999c268affb9b7d45be2f1b829537c296
-
Size
4.2MB
-
MD5
9afdf24f8c469696d26ea7feb80fbb1d
-
SHA1
6cfcdec64b33cf4ac9397f257c8271b4af802161
-
SHA256
0e5b3b1be2c8663830f73575f6ef8c1999c268affb9b7d45be2f1b829537c296
-
SHA512
abb83bd5466cb2ab82eec3f81aa26f1afbf0ff7adb51feab6f50bcfd7d0f12a4047dbdca429ed2672a07673c6ff00628df7e32c3d74286940ea7004176e3a59e
-
SSDEEP
98304:MBOiCy4F0oItSYtrL4g8/7HYj4GTCRQ+nt0wZiMZJDN:8O7FPStrkgYHYhTb+tvpN
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-