General
-
Target
60b71c47e26bdd09906070070c71eff12bc4febf8948ba419d0a71cbd4e30d77
-
Size
4.1MB
-
Sample
230531-3qtm3sbf24
-
MD5
932e903ca941c0dfaae965ca40851c7e
-
SHA1
3830bdd71449de12f31a5d81f60da3806579c46b
-
SHA256
60b71c47e26bdd09906070070c71eff12bc4febf8948ba419d0a71cbd4e30d77
-
SHA512
c076b979bfa257238768858648792066a1a1d08077caf6c33180714a16abe687c86efa1278130d421a3af6cab9a7d25c5258db486bb53c8cdcaaecb521f67859
-
SSDEEP
98304:3Dhu0gofZIq//Xtu0a8OYv6uWnwF1qs4t:EzS3nwuR1qsg
Malware Config
Targets
-
-
Target
60b71c47e26bdd09906070070c71eff12bc4febf8948ba419d0a71cbd4e30d77
-
Size
4.1MB
-
MD5
932e903ca941c0dfaae965ca40851c7e
-
SHA1
3830bdd71449de12f31a5d81f60da3806579c46b
-
SHA256
60b71c47e26bdd09906070070c71eff12bc4febf8948ba419d0a71cbd4e30d77
-
SHA512
c076b979bfa257238768858648792066a1a1d08077caf6c33180714a16abe687c86efa1278130d421a3af6cab9a7d25c5258db486bb53c8cdcaaecb521f67859
-
SSDEEP
98304:3Dhu0gofZIq//Xtu0a8OYv6uWnwF1qs4t:EzS3nwuR1qsg
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-