General
-
Target
2d51d403beac5ebf80c3db6747699624392153d0e694d200887054c6fdad5a42
-
Size
4.2MB
-
Sample
230922-bsl78sbd7x
-
MD5
d57d6599d016880c2267556c3d59b8dd
-
SHA1
a911fba24a3b88863d96756243370ef969435982
-
SHA256
2d51d403beac5ebf80c3db6747699624392153d0e694d200887054c6fdad5a42
-
SHA512
2bb144c13cd71a95ff07fb9fe6e0cdb70c1ea04c943dc33ac57d7cfa8f16273d85471f709763a563bc67b76d06c3fae2e287815f9590563976fb0ba4a87bc3fd
-
SSDEEP
98304:Emw1LPDnxxF+Jqv82oqnb20jW7y9i795h4PUaS1EdSCrvUqdsj:8Jn1h8gj59e9U61EdRg
Static task
static1
Malware Config
Targets
-
-
Target
2d51d403beac5ebf80c3db6747699624392153d0e694d200887054c6fdad5a42
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1