General
-
Target
7f45e34718eaace3a349f655b791bb264fc183c8b4fb5868c217dc7c919652f3
-
Size
4.2MB
-
Sample
230603-zw6m2sae9z
-
MD5
8eaa2793d30984889c7ca9015d52214e
-
SHA1
1544ac3184a0869f5b9e91f34c6a3399b7913e64
-
SHA256
7f45e34718eaace3a349f655b791bb264fc183c8b4fb5868c217dc7c919652f3
-
SHA512
68c706c15cfd172df22810f8154e90276d15ca35b1c04ef7beb1cae06fd0f63378d0901eef7ccfc94b0fb4fe2cfec7972e7f8c72c6019c4c6819966ab1d260d5
-
SSDEEP
98304:/jnX49dnSuBh1DxGX/p0ls1M2ZuTaEmtsBqYP1:c9phhD4XOlZYsBRd
Malware Config
Targets
-
-
Target
7f45e34718eaace3a349f655b791bb264fc183c8b4fb5868c217dc7c919652f3
-
Size
4.2MB
-
MD5
8eaa2793d30984889c7ca9015d52214e
-
SHA1
1544ac3184a0869f5b9e91f34c6a3399b7913e64
-
SHA256
7f45e34718eaace3a349f655b791bb264fc183c8b4fb5868c217dc7c919652f3
-
SHA512
68c706c15cfd172df22810f8154e90276d15ca35b1c04ef7beb1cae06fd0f63378d0901eef7ccfc94b0fb4fe2cfec7972e7f8c72c6019c4c6819966ab1d260d5
-
SSDEEP
98304:/jnX49dnSuBh1DxGX/p0ls1M2ZuTaEmtsBqYP1:c9phhD4XOlZYsBRd
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-