General
-
Target
5368e701fb57804a8bdfb775620ca67e69a9ca664baba5a7991f4e12313904d3
-
Size
4.2MB
-
Sample
230720-fx2kyach34
-
MD5
a55d52689f97b741a550a5593205a861
-
SHA1
81efda2748d4ba28d2927bb23dc4752767438cb3
-
SHA256
5368e701fb57804a8bdfb775620ca67e69a9ca664baba5a7991f4e12313904d3
-
SHA512
9084a7ef458dd11e35b8df3ffea81997e32205f25c02c08b0085c93c5103f08215d20e2fa33bb389943743cef93661633eae872db30df33df00b0f9ea44068b7
-
SSDEEP
98304:WufsUk3aDtjlj2kBOZ+gews7CMPUV88keixL3RFSz:zmaDtjPBOZ+pwsJMm8ji53Q
Static task
static1
Malware Config
Targets
-
-
Target
5368e701fb57804a8bdfb775620ca67e69a9ca664baba5a7991f4e12313904d3
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-