General
-
Target
95c38d9265d7c987b639bfda751e268ac71b83ea42bf396e512661ca83d52b61.exe
-
Size
4.2MB
-
Sample
230518-ra6f6aba7w
-
MD5
9707c5b4dd90294077fd1a1d2d4f4783
-
SHA1
074137e4f364af466519b822b74de731900db66e
-
SHA256
95c38d9265d7c987b639bfda751e268ac71b83ea42bf396e512661ca83d52b61
-
SHA512
26b1a88cf9053d1824d1f6ac5d9cade07e130a9e88e8b6551cf2582d532eee6c8d404cc9b862a640c9e4eae5c6487cc26cf118c9123e321130fb5dd56e490ef8
-
SSDEEP
98304:2Rm1FI4Ofs4hghp/MO0myowzLWwPA6QaCj20M9u8R69Afm/w:Mm0lfCbR/wzqGAbaCjcQm
Malware Config
Targets
-
-
Target
95c38d9265d7c987b639bfda751e268ac71b83ea42bf396e512661ca83d52b61.exe
-
Size
4.2MB
-
MD5
9707c5b4dd90294077fd1a1d2d4f4783
-
SHA1
074137e4f364af466519b822b74de731900db66e
-
SHA256
95c38d9265d7c987b639bfda751e268ac71b83ea42bf396e512661ca83d52b61
-
SHA512
26b1a88cf9053d1824d1f6ac5d9cade07e130a9e88e8b6551cf2582d532eee6c8d404cc9b862a640c9e4eae5c6487cc26cf118c9123e321130fb5dd56e490ef8
-
SSDEEP
98304:2Rm1FI4Ofs4hghp/MO0myowzLWwPA6QaCj20M9u8R69Afm/w:Mm0lfCbR/wzqGAbaCjcQm
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
-