General
-
Target
c0931a5fd9c4fefaa3dee13e9dd6418a4021911023ef92c86a44136548e6e445
-
Size
4.1MB
-
Sample
230607-y4vebagb4s
-
MD5
8582528fe7537ae85fb0a57f410c055a
-
SHA1
b44374dd8e04a0e9b545abac3818dc66bef149f1
-
SHA256
c0931a5fd9c4fefaa3dee13e9dd6418a4021911023ef92c86a44136548e6e445
-
SHA512
6e25de5578bfde101c0b524a0ef6e670386c7b100a7d11d8a642d869df1b1aec9df93bc04ad54277b5c50a953e8bf5c74166acc35ec7b1616636cd674f46b9b5
-
SSDEEP
98304:vV0kmJ+lypSNjdXPFOPJebab0px9wmc+n8YxrkbK2edAQcAI:lBUUNjSheOR48v+9dAMI
Malware Config
Targets
-
-
Target
c0931a5fd9c4fefaa3dee13e9dd6418a4021911023ef92c86a44136548e6e445
-
Size
4.1MB
-
MD5
8582528fe7537ae85fb0a57f410c055a
-
SHA1
b44374dd8e04a0e9b545abac3818dc66bef149f1
-
SHA256
c0931a5fd9c4fefaa3dee13e9dd6418a4021911023ef92c86a44136548e6e445
-
SHA512
6e25de5578bfde101c0b524a0ef6e670386c7b100a7d11d8a642d869df1b1aec9df93bc04ad54277b5c50a953e8bf5c74166acc35ec7b1616636cd674f46b9b5
-
SSDEEP
98304:vV0kmJ+lypSNjdXPFOPJebab0px9wmc+n8YxrkbK2edAQcAI:lBUUNjSheOR48v+9dAMI
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-