General
-
Target
0725bda12d99f49059adfe803816b3765f341be91a9bd855760451c90a0e0472
-
Size
4.2MB
-
Sample
230607-swjd7acb96
-
MD5
1a3137f955810cc97d8b36c8dd0b617e
-
SHA1
0f92a262d0128ca37a548ff87be43b5a001abb2d
-
SHA256
0725bda12d99f49059adfe803816b3765f341be91a9bd855760451c90a0e0472
-
SHA512
617bda2a6ad18546325a433c286437a5d7ff461740bd80cc8696ae1b75aacd29bd43939d2786983f42075559d85a334e654a4235f2a79c541b3d1da584c9e859
-
SSDEEP
98304:4XBXbxwMASR72enw18wQxWVMeT7u+9UVKOQ5LwfsZV8:kBLxkG72BAWVJXuzQ5Lc
Malware Config
Targets
-
-
Target
0725bda12d99f49059adfe803816b3765f341be91a9bd855760451c90a0e0472
-
Size
4.2MB
-
MD5
1a3137f955810cc97d8b36c8dd0b617e
-
SHA1
0f92a262d0128ca37a548ff87be43b5a001abb2d
-
SHA256
0725bda12d99f49059adfe803816b3765f341be91a9bd855760451c90a0e0472
-
SHA512
617bda2a6ad18546325a433c286437a5d7ff461740bd80cc8696ae1b75aacd29bd43939d2786983f42075559d85a334e654a4235f2a79c541b3d1da584c9e859
-
SSDEEP
98304:4XBXbxwMASR72enw18wQxWVMeT7u+9UVKOQ5LwfsZV8:kBLxkG72BAWVJXuzQ5Lc
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-