General
-
Target
ea83eb67b9a266e3c3bec25f847d2caee757724751f7e12b3704575a20245445
-
Size
4.1MB
-
Sample
230920-jhf78seg7x
-
MD5
3b7e51bbb39aea5f8b7044799df4e2c6
-
SHA1
df0066f9f7df1808ea923b27bcd40a432af5d92d
-
SHA256
ea83eb67b9a266e3c3bec25f847d2caee757724751f7e12b3704575a20245445
-
SHA512
47b1d6865a6563adf27ca0c1997b3d1ffb75e0c90fb6d31506e8ba7a9c229caedbaa5d3ebc40bd690a1e5f6ba8f5c39953fb22b1dc703182f9b4c04140908dbe
-
SSDEEP
98304:hDCDsIB1E72KwjuZQmjRJMu1YPhPgkzX/E2WwisOBlI1Ve2Ihanao:h+D/EXnZXjjQZ4kTcoO3I1VaiN
Static task
static1
Behavioral task
behavioral1
Sample
ea83eb67b9a266e3c3bec25f847d2caee757724751f7e12b3704575a20245445.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
-
-
Target
ea83eb67b9a266e3c3bec25f847d2caee757724751f7e12b3704575a20245445
Score
10/10
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1