General
Target: 27432b143839eda534a8952c11e7ef3330c1806261483c7ec99a2a7ad59ce16c
Size: 4.2MB
Sample: 230517-ae7fksdb33
MD5: b46851ba5ee9973c311e013494964c10
SHA1: 3cefc4622082931cf75476997b6e85029b306083
SHA256: 27432b143839eda534a8952c11e7ef3330c1806261483c7ec99a2a7ad59ce16c
SHA512: aa3bccc4358801b88861ed1e5c5e5dfd0e70ca3ef4b90b950626140e303faa1382f587c2a6828e6690ddb6670614881d236d9b2e35b5d41db7af7242b2afde53
SSDEEP: 98304:CxQ7TT3z4SRBE5r5hJaPEdEtrFit4KKDM5ulP:iSTjdRir5vasEt2VKDM5ulP
Static task: static1
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory