General
-
Target
fa83d8fb671c5d0d27e77f7e55cc1cbaab7cfb2a812acde7d2f577fc28b8abb4
-
Size
4.2MB
-
Sample
240325-zvrgqshe27
-
MD5
978db2af372bb36fb4527850b9e6f927
-
SHA1
480d8c0c4604d5764526012984eb348a3b251978
-
SHA256
fa83d8fb671c5d0d27e77f7e55cc1cbaab7cfb2a812acde7d2f577fc28b8abb4
-
SHA512
8d617c8da0b9b22bab7788d379057a9b9fdb19205a28023bf9289af9fae818542ecaf940a067bc8da919a7937e3f521384d793323373015f23d92f321fbeb066
-
SSDEEP
98304:b/Uau/A4E82S3D8exjWgfuqpGn94XR6RmuHU/D+/0:rUasD82jWsHR8muHUL+/0
Malware Config
Targets
-
-
Target
fa83d8fb671c5d0d27e77f7e55cc1cbaab7cfb2a812acde7d2f577fc28b8abb4
-
Size
4.2MB
-
MD5
978db2af372bb36fb4527850b9e6f927
-
SHA1
480d8c0c4604d5764526012984eb348a3b251978
-
SHA256
fa83d8fb671c5d0d27e77f7e55cc1cbaab7cfb2a812acde7d2f577fc28b8abb4
-
SHA512
8d617c8da0b9b22bab7788d379057a9b9fdb19205a28023bf9289af9fae818542ecaf940a067bc8da919a7937e3f521384d793323373015f23d92f321fbeb066
-
SSDEEP
98304:b/Uau/A4E82S3D8exjWgfuqpGn94XR6RmuHU/D+/0:rUasD82jWsHR8muHUL+/0
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1