General
Target: 5f8189c278f4bdb8bd8be6e198a4a1b1d79e38261f299d1f2c8c7d3d00354ef4
Size: 4.1MB
Sample: 231112-tf93msgf9x
MD5: 1726bf86aee28d66f2310b5563ea6a11
SHA1: 3a051d0a4a79e28ed41539cc5d6fcdc5aa5b42d4
SHA256: 5f8189c278f4bdb8bd8be6e198a4a1b1d79e38261f299d1f2c8c7d3d00354ef4
SHA512: 7758c9b17b396080042024deb8f233a1f378cce39d7e7f604ee5b5711c0074c34965cccb38447107351fc25246a7dfc3872f5565d306506f71398d69d6baed2f
SSDEEP: 49152:H2+JiQYrzZsy4qfPcmNCuwwVapNjfaWhrRbGkMAkYJB5gcZ2ldoTTdZIrftuzxZD:W+XYJssfNN8wVor5xGk7JBwofIbtufZx
Static task: static1
Malware Config
Targets
Target: 5f8189c278f4bdb8bd8be6e198a4a1b1d79e38261f299d1f2c8c7d3d00354ef4
Size: 4.1MB
MD5: 1726bf86aee28d66f2310b5563ea6a11
SHA1: 3a051d0a4a79e28ed41539cc5d6fcdc5aa5b42d4
SHA256: 5f8189c278f4bdb8bd8be6e198a4a1b1d79e38261f299d1f2c8c7d3d00354ef4
SHA512: 7758c9b17b396080042024deb8f233a1f378cce39d7e7f604ee5b5711c0074c34965cccb38447107351fc25246a7dfc3872f5565d306506f71398d69d6baed2f
SSDEEP: 49152:H2+JiQYrzZsy4qfPcmNCuwwVapNjfaWhrRbGkMAkYJB5gcZ2ldoTTdZIrftuzxZD:W+XYJssfNN8wVor5xGk7JBwofIbtufZx
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1
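The behavioural signatures listed above each correspond to something observable in host telemetry, and the Run key signature is the behaviour behind the Registry Run Keys / Startup Folder row in the ATT&CK table. The following is an added example, not the sandbox's own signature logic and not derived from the analysed sample: it runs a small rule set over constructed Sysmon-style events and reports which of this report's signatures would fire. The event schema, the regular expressions and the sample events are this example's assumptions. The "Glupteba payload" verdict is out of scope here, since that is a family identification of the payload rather than a behavioural match.

```python
"""Map constructed sandbox-style telemetry onto the behavioural signatures
in this report. Added example; the event schema and matching rules are
this example's assumptions, not the sandbox's own detection logic."""
import re
from collections import defaultdict

# Registry value writes under the Run/RunOnce autostart keys (HKCU or HKLM,
# including the Wow6432Node view) are the classic Run-key persistence.
RUN_KEY = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Reads of Uninstall subkeys are how a sample enumerates installed software.
UNINSTALL_KEY = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Files written under System32 on any drive letter.
SYSTEM32 = re.compile(r"^[a-z]:\\Windows\\System32\\", re.I)
# Firewall changes made via netsh in either the advfirewall or legacy context.
NETSH_FIREWALL = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.I)


def triage(events):
    """Return {signature name: [evidence, ...]} for the signatures that fire.

    `events` is an ordered list of dicts with a "type" field plus the
    path/image/cmdline fields used below (assumed schema, loosely modelled
    on Sysmon event kinds). Order matters: a path only counts as "dropped"
    once the sample has been seen creating it.
    """
    dropped = set()            # lower-cased paths the sample has written
    hits = defaultdict(list)
    for ev in events:
        kind = ev["type"]
        if kind == "FileCreate":
            path = ev["path"]
            dropped.add(path.lower())
            if SYSTEM32.match(path):
                hits["Drops file in System32 directory"].append(path)
        elif kind == "ProcessCreate":
            image = ev["image"]
            if image.lower() in dropped and image.lower().endswith(".exe"):
                hits["Executes dropped EXE"].append(image)
            if NETSH_FIREWALL.search(ev.get("cmdline", "")):
                hits["Modifies Windows Firewall"].append(ev["cmdline"])
        elif kind == "ImageLoad":
            image = ev["image"]
            if image.lower() in dropped and image.lower().endswith(".dll"):
                hits["Loads dropped DLL"].append(image)
        elif kind == "RegistryValueSet":
            if RUN_KEY.search(ev["path"]):
                hits["Adds Run key to start application"].append(ev["path"])
        elif kind == "RegistryQuery":
            if UNINSTALL_KEY.search(ev["path"]):
                hits["Checks installed software on the system"].append(ev["path"])
    return dict(hits)


# Constructed telemetry for illustration only; nothing here comes from the
# analysed sample. Paths and names are invented.
SAMPLE_EVENTS = [
    {"type": "FileCreate", "path": r"C:\Users\user\AppData\Local\Temp\update.exe"},
    {"type": "ProcessCreate", "image": r"C:\Users\user\AppData\Local\Temp\update.exe",
     "cmdline": r"C:\Users\user\AppData\Local\Temp\update.exe"},
    {"type": "FileCreate", "path": r"C:\Windows\System32\drivers\example.sys"},
    {"type": "FileCreate", "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "ImageLoad", "image": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "RegistryValueSet",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update"},
    {"type": "RegistryQuery",
     "path": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{example-guid}"},
    {"type": "ProcessCreate", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r'netsh advfirewall firewall add rule name="update" dir=in action=allow '
                r'program="C:\Users\user\AppData\Local\Temp\update.exe"'},
    # A system binary that the sample never wrote is not a dropped EXE.
    {"type": "ProcessCreate", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The rules are deliberately path based rather than name based: a process started from a path the sample itself wrote is a dropped EXE regardless of what it is called, and a netsh.exe launch is only flagged when its command line touches the firewall context. The Run key and Uninstall key patterns cover both the native and the Wow6432Node registry views, which a 32-bit sample on 64-bit Windows will otherwise slip past.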