General
-
Target
a2e2fe0fdc279cdec6311b3eebb0c732878baea92ed32be648a30b00a936b2f8
-
Size
4.1MB
-
Sample
231014-casgzace34
-
MD5
394152a57657c0bde3eb20a997d18d30
-
SHA1
5bab818ae5295423a8131f19072c03bf8baa5171
-
SHA256
a2e2fe0fdc279cdec6311b3eebb0c732878baea92ed32be648a30b00a936b2f8
-
SHA512
3b5c826bb07a12f92aad62ce336e6578e9004dd03042b4f462fb31e25f18e1cee81159ec616fe647e55afb212c302f104cd17e92f76fafe43f16c451ae611e68
-
SSDEEP
98304:DOd3sthAcDwT4/1Fur5ufQiZe2wtO6aKZfS4/DEHReGvNis:DDthnwT4/fw5m14thhAhHRea5
Static task
static1
Malware Config
Targets
-
Target
a2e2fe0fdc279cdec6311b3eebb0c732878baea92ed32be648a30b00a936b2f8
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)