General
-
Target
51457f13db36309180bdb5047d199a5fd096dcc27c5c655bb292ea5fe3da855f
-
Size
4.1MB
-
Sample
230714-jgt3psde4t
-
MD5
d4c737742988c43a30e813e69f15d833
-
SHA1
55b9c50e837026403b403e7c600d0cef44ee6f64
-
SHA256
51457f13db36309180bdb5047d199a5fd096dcc27c5c655bb292ea5fe3da855f
-
SHA512
4280cebd54e82661ba66507951997440aef71265e038756b41edfbaa52403cfe54101485a83f1cbb4b8770b4e69e34dc4a5c9326305587089944b70b3ed94b34
-
SSDEEP
98304:uEJqwW40sSE9a0WSikMVmHRkisADEFXeTDSKeNUmapK:uEwwWm4Fba1I
Malware Config
Targets
-
-
Target
51457f13db36309180bdb5047d199a5fd096dcc27c5c655bb292ea5fe3da855f
-
Size
4.1MB
-
MD5
d4c737742988c43a30e813e69f15d833
-
SHA1
55b9c50e837026403b403e7c600d0cef44ee6f64
-
SHA256
51457f13db36309180bdb5047d199a5fd096dcc27c5c655bb292ea5fe3da855f
-
SHA512
4280cebd54e82661ba66507951997440aef71265e038756b41edfbaa52403cfe54101485a83f1cbb4b8770b4e69e34dc4a5c9326305587089944b70b3ed94b34
-
SSDEEP
98304:uEJqwW40sSE9a0WSikMVmHRkisADEFXeTDSKeNUmapK:uEwwWm4Fba1I
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Windows security bypass
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-