Extracted

• • Target

    ff3bd8bcbd9f93c0b48fac3dad59735db9db2343da3126bc836a3134b563924d.exe

  • Size

    799KB

  • MD5

    bb7917ed8063b9fd1cf3ea57fed87a5a

  • SHA1

    d98d8b5f5577f9d46cbcc3b73774ab3bc57e2466

  • SHA256

    ff3bd8bcbd9f93c0b48fac3dad59735db9db2343da3126bc836a3134b563924d

  • SHA512

    426c1a336748a16532e8c8d070eee8127b23a49fc9e9647af4b785fcf9930bf98bc4d4641fb1e595165e3abc85a4b24a2f3a6a956dd7be7b291fd05d33ef0677

  • SSDEEP

    24576:p9cSTsqZCHEOKCy0aTrhw53Kd70sc1QEz:p9cSTZCHvK/agR0hz

  Score

  10^/10

  stealcevasionstealerupxgluptebadropperloader

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    evasion

  • Drops startup file

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2