General
-
Target
1142d9e5da508c6157c133c0083748cffac4a433989cb7717bea595a5d0ec280
-
Size
4.2MB
-
Sample
230820-rr5aesfg68
-
MD5
0ac512e796c1cde491b45ab283504110
-
SHA1
0cff55e3479702f31929935df4fc06edb5b3498c
-
SHA256
1142d9e5da508c6157c133c0083748cffac4a433989cb7717bea595a5d0ec280
-
SHA512
c4eb5aa141814ba1222e357022d5224106d2d514d0b7552363f1117eb569277082a1fa7e50a0a701b1131042511c1471cf747065a44bf3b15f96462b62c020a3
-
SSDEEP
98304:WxwgKL2QQu5HfhThEc2cBXMt7yRzdccNZ1bGACjHjbIigYNsrsOrhk:lgKLDT5H1FBs+ZcA1bGACjHjxgYN+ssk
Malware Config
Targets
-
-
Target
1142d9e5da508c6157c133c0083748cffac4a433989cb7717bea595a5d0ec280
-
Size
4.2MB
-
MD5
0ac512e796c1cde491b45ab283504110
-
SHA1
0cff55e3479702f31929935df4fc06edb5b3498c
-
SHA256
1142d9e5da508c6157c133c0083748cffac4a433989cb7717bea595a5d0ec280
-
SHA512
c4eb5aa141814ba1222e357022d5224106d2d514d0b7552363f1117eb569277082a1fa7e50a0a701b1131042511c1471cf747065a44bf3b15f96462b62c020a3
-
SSDEEP
98304:WxwgKL2QQu5HfhThEc2cBXMt7yRzdccNZ1bGACjHjbIigYNsrsOrhk:lgKLDT5H1FBs+ZcA1bGACjHjxgYN+ssk
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Windows security bypass
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1