General
-
Target
63c6a933f92db48ef9cef5581baf85d3e31188d6ec4056a05259a9cf613f5a77
-
Size
4.2MB
-
Sample
230607-s9f6zsda6w
-
MD5
f405e40887b7c187226c2ec527ad621c
-
SHA1
592187dbb1d02a40d89529261511645ecc30d366
-
SHA256
63c6a933f92db48ef9cef5581baf85d3e31188d6ec4056a05259a9cf613f5a77
-
SHA512
2159eba154e4a9111dbaf0f07fa48a0be6a9719e5f43a4d91c1fa24d22d8be84cdcd1bf0c9727ddc0a67a53f4919cc23f4925115924c07ca76b9f203c1666d8f
-
SSDEEP
98304:oXBXbxwMASR72enw18wQxWVMeT7u+9UVKOQ5LwfsZVh:0BLxkG72BAWVJXuzQ5LB
Malware Config
Targets
-
-
Target
63c6a933f92db48ef9cef5581baf85d3e31188d6ec4056a05259a9cf613f5a77
-
Size
4.2MB
-
MD5
f405e40887b7c187226c2ec527ad621c
-
SHA1
592187dbb1d02a40d89529261511645ecc30d366
-
SHA256
63c6a933f92db48ef9cef5581baf85d3e31188d6ec4056a05259a9cf613f5a77
-
SHA512
2159eba154e4a9111dbaf0f07fa48a0be6a9719e5f43a4d91c1fa24d22d8be84cdcd1bf0c9727ddc0a67a53f4919cc23f4925115924c07ca76b9f203c1666d8f
-
SSDEEP
98304:oXBXbxwMASR72enw18wQxWVMeT7u+9UVKOQ5LwfsZVh:0BLxkG72BAWVJXuzQ5LB
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-