General
-
Target
e6cd7eb6dde1249e94ab77f522b013901d259e209d1461d1c4a6b40768c0b00f
-
Size
4.2MB
-
Sample
230607-ah3a2agf9w
-
MD5
976a855f5728aab2ff25997abf37e0ab
-
SHA1
2ba44d09693fb107261d3df4adb1ba807fd71af8
-
SHA256
e6cd7eb6dde1249e94ab77f522b013901d259e209d1461d1c4a6b40768c0b00f
-
SHA512
5d2eaf1908377c27aab42457633814336b2195a04e3a090eab773d72e8213c707b12e878f9f457d80d9c1940d97132dc1c49d861ef38a4ac6ea7515ec2c6d666
-
SSDEEP
98304:KRpqgcnrakfp/v5EYMUDaH8BuphD4LYzqMjBd5Nmn8GbQKYr0:Ep3kfp/v59PD/kaM+MjL3ZGET0
Malware Config
Targets
-
-
Target
e6cd7eb6dde1249e94ab77f522b013901d259e209d1461d1c4a6b40768c0b00f
-
Size
4.2MB
-
MD5
976a855f5728aab2ff25997abf37e0ab
-
SHA1
2ba44d09693fb107261d3df4adb1ba807fd71af8
-
SHA256
e6cd7eb6dde1249e94ab77f522b013901d259e209d1461d1c4a6b40768c0b00f
-
SHA512
5d2eaf1908377c27aab42457633814336b2195a04e3a090eab773d72e8213c707b12e878f9f457d80d9c1940d97132dc1c49d861ef38a4ac6ea7515ec2c6d666
-
SSDEEP
98304:KRpqgcnrakfp/v5EYMUDaH8BuphD4LYzqMjBd5Nmn8GbQKYr0:Ep3kfp/v59PD/kaM+MjL3ZGET0
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-