General
-
Target
a7a45bdd7ce5c1d6a19c1f5f4c3bff711097936737012df36f4850619c50cb0e
-
Size
4.2MB
-
Sample
231003-lef46shf41
-
MD5
9e007f98ca02e5bc4b17148cf5cc0c51
-
SHA1
a85a6f47c0b243f7cc9a3266d23f0725aee051b5
-
SHA256
a7a45bdd7ce5c1d6a19c1f5f4c3bff711097936737012df36f4850619c50cb0e
-
SHA512
0024bd76c0e254d843a42a6b586077cfa8888839ff6ec2bcda980ac2cad6bb6bd1dd996dc82c995d4a5229ef891f777d78b544d3fa864f241d5cb8c5b6be1751
-
SSDEEP
98304:AMXW9xFhF1uQmDdbv5NleFWRJn+be40jKf+3KaaEdet0Y4K78h+o:fXW/V1uDDdbvJRUqofAKKdet0Yn78r
Static task
static1
Malware Config
Targets
-
-
Target
a7a45bdd7ce5c1d6a19c1f5f4c3bff711097936737012df36f4850619c50cb0e
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1