General
-
Target
41e8b9938a61464ec824ab22b16b01904733ab47f7d8665dd3e5ad37197ca189
-
Size
4.2MB
-
Sample
230923-vlrnxsag83
-
MD5
8142d38f3574ae4d2eedda3db3c22ef8
-
SHA1
f861f9f31680f02c84df1c53e5c297bc34f0b5ba
-
SHA256
41e8b9938a61464ec824ab22b16b01904733ab47f7d8665dd3e5ad37197ca189
-
SHA512
6d35028acfe22dd038893ce5efa9bf6360363efd745edbfbe6dad47ed7fc794f57e728077b90688773bf2151c9d630a4f60e583b92845841748edf460c1d92b6
-
SSDEEP
98304:X0NJcPwgVpnAhflow4DSidIjBMSPJ2c+HreHyKzaAu0qR2ds:SMAhflPidI1vPJ23SaAu9R2u
Static task
static1
Malware Config
Targets
-
-
Target
41e8b9938a61464ec824ab22b16b01904733ab47f7d8665dd3e5ad37197ca189
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)