General
- Target: 7fa9a11d7629ddf781e56466f0b8c98fee903f5110d5a3964c1a7d2b23eb3ce8
- Size: 4.1MB
- Sample: 230918-tscmxach25
- MD5: de0a0e946c51c7b1a70294b0c9813176
- SHA1: dd88e27d7258d7d73c5822b34002f2d0fc310b84
- SHA256: 7fa9a11d7629ddf781e56466f0b8c98fee903f5110d5a3964c1a7d2b23eb3ce8
- SHA512: 448327dd586e86ac3f21f6779aae464175567b581af49f93c8bd41a4d8b45e1e101d7361d81fffe371741218a0e2f9e404aa25771fe1b839da8a88092beafb36
- SSDEEP: 98304:VrWwZ2HF3KeRPAbEo91MnjZWGIpEBuJ9+adIMIC7ZKhDsrY:VrWLHdZKookjZWGIq5Eh37Ze
Static task
static1
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)