General
-
Target
c37ac8a5d7a1b67642bfd9468aefe3d3f8ba6db1eb8b49173e2224810167fd37
-
Size
4.2MB
-
Sample
230822-lphezsbe26
-
MD5
64f60b2d71dc3c14f366650a44a70914
-
SHA1
78b6e8df69e301714df4032e4257846131389a6f
-
SHA256
c37ac8a5d7a1b67642bfd9468aefe3d3f8ba6db1eb8b49173e2224810167fd37
-
SHA512
563be825a762d0d8a71db044be792e64bd24d87ad8daaf461c873dfa1dad2f872abffdbafed8322596cf9c3d98602308b61caaa9bb530d8e5fc7a79c050424b0
-
SSDEEP
98304:vRQOcZoYl5wZ+QjbAJzSKrtrVRLcPPPp76aGa34QEEq5X:KIUBSKhVRLYPV6aKX
Malware Config
Targets
-
-
Target
c37ac8a5d7a1b67642bfd9468aefe3d3f8ba6db1eb8b49173e2224810167fd37
-
Size
4.2MB
-
MD5
64f60b2d71dc3c14f366650a44a70914
-
SHA1
78b6e8df69e301714df4032e4257846131389a6f
-
SHA256
c37ac8a5d7a1b67642bfd9468aefe3d3f8ba6db1eb8b49173e2224810167fd37
-
SHA512
563be825a762d0d8a71db044be792e64bd24d87ad8daaf461c873dfa1dad2f872abffdbafed8322596cf9c3d98602308b61caaa9bb530d8e5fc7a79c050424b0
-
SSDEEP
98304:vRQOcZoYl5wZ+QjbAJzSKrtrVRLcPPPp76aGa34QEEq5X:KIUBSKhVRLYPV6aKX
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Windows security bypass
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1