General
-
Target
6d995c737454885165fe81b0d82b9c9bc42799347a05fa1acc4ceb16240fd18d
-
Size
4.2MB
-
Sample
230720-lghe1sfb62
-
MD5
5d932fb1d1b1978e2fdf155163f30129
-
SHA1
17ea3b5a7f12c03a9029e91b75ca23b61a0a9f2d
-
SHA256
6d995c737454885165fe81b0d82b9c9bc42799347a05fa1acc4ceb16240fd18d
-
SHA512
50012d11253e6c1ffd9fc0b4284c8ad84ff0aaff63078903bf3effb22fab852209ff3b351c3e77c35e352c0cd631875e12f604933e05533720b1e0c64cf93132
-
SSDEEP
49152:i1erJzBGM01eDkIOs5lWMMPVqk3msgqq3MoEqNU/aiz2dDf28p8/eNPiYXKyMM6G:IeJB50ADws5lG2jHEWUGDey8F7yH6dM5
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-