General
-
Target
4d8c2542c9c2e46ba20411eca88221e43ad39def013eab45a5aa7e7307c802a3
-
Size
4.1MB
-
Sample
231012-flypxaaf54
-
MD5
737c9fd51fc2c8558eb533fc4c88a7d0
-
SHA1
d28950b09ebbc483a2d2ad92ff9e94ef1bd8a6c1
-
SHA256
4d8c2542c9c2e46ba20411eca88221e43ad39def013eab45a5aa7e7307c802a3
-
SHA512
e04450baa09026b1974534ceb0095220abdf2d4f37461c59f10786b41d89adfed9ed9ccdd89cf814959d3a0ffbbb123451577635309cc295c3a136703c7635f4
-
SSDEEP
98304:fZvizi9TYcdcmJwy08hZjaU8DpJ/7O248HC1:h6zi9T/CmJwZ8jaU8Dn7O248w
Static task
static1
Behavioral task
behavioral1
Sample
4d8c2542c9c2e46ba20411eca88221e43ad39def013eab45a5aa7e7307c802a3.exe
Resource
win7-20230831-en
Malware Config
Targets
-
-
Target
4d8c2542c9c2e46ba20411eca88221e43ad39def013eab45a5aa7e7307c802a3
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1