General
-
Target
9a09f99a1868c30cbe62c302310c64f90a7210c7f2bd60dc2064951d3921d16f
-
Size
4.1MB
-
Sample
240327-qrse7agc4y
-
MD5
7fa855e37bcf22c8f45cd53d1f481335
-
SHA1
1c42d12884f7da933d195fc9301fb88e6c466bf2
-
SHA256
9a09f99a1868c30cbe62c302310c64f90a7210c7f2bd60dc2064951d3921d16f
-
SHA512
d6516d51c284e55f8c6850d0bbe1ace40c18d537e391dd2d5db6bd3899ae96a113d8afe2837878158f28684c1b73451d9178b4cb1bfee97eef54ee242eefeaae
-
SSDEEP
98304:2h2hMV7pU+F/PCp1TA/SQA1RMM6LFeS7mJmya:UVF1l01TAfA1kLFeSKJmya
Static task
static1
Behavioral task
behavioral1
Sample
9a09f99a1868c30cbe62c302310c64f90a7210c7f2bd60dc2064951d3921d16f.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
9a09f99a1868c30cbe62c302310c64f90a7210c7f2bd60dc2064951d3921d16f
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1