General
-
Target
6d4b2f7319607fa41757de39f1e71945fafff754e9b3b6654c6fdfc038881671
-
Size
4.2MB
-
Sample
230603-t76vashc84
-
MD5
b436cc425105a8047a11e0125057a711
-
SHA1
8b7011a0f83525339c6a12bcf9ce60ee8d3a90dc
-
SHA256
6d4b2f7319607fa41757de39f1e71945fafff754e9b3b6654c6fdfc038881671
-
SHA512
84421febba9ff9dbe6ea9f26626a2070ca4bf8a5fa2c91e10bce4657799b4f34104c24f998bc3cf9c8bb637c13bef25552ee9156c55f5b1ea663ccb49d18f4e4
-
SSDEEP
98304:HafAXhpubtCuVbiDhXgHeCVIvH9D2AjKeshuAQX5WAoI7zs:jXv8JijD2A+eJxXFoI7zs
Malware Config
Targets
-
-
Target
6d4b2f7319607fa41757de39f1e71945fafff754e9b3b6654c6fdfc038881671
-
Size
4.2MB
-
MD5
b436cc425105a8047a11e0125057a711
-
SHA1
8b7011a0f83525339c6a12bcf9ce60ee8d3a90dc
-
SHA256
6d4b2f7319607fa41757de39f1e71945fafff754e9b3b6654c6fdfc038881671
-
SHA512
84421febba9ff9dbe6ea9f26626a2070ca4bf8a5fa2c91e10bce4657799b4f34104c24f998bc3cf9c8bb637c13bef25552ee9156c55f5b1ea663ccb49d18f4e4
-
SSDEEP
98304:HafAXhpubtCuVbiDhXgHeCVIvH9D2AjKeshuAQX5WAoI7zs:jXv8JijD2A+eJxXFoI7zs
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-