General
Target: 822596d31862edb1209de0c34823c0509881ea9840b3740d359f095b7d568026
Size: 4.1MB
Sample: 240328-vktrwscb32
MD5: 3dc1e346392fca119ba9334e2fc5d2de
SHA1: a3d11daa6f9a2a238b8eebc3a01ea90d221e192d
SHA256: 822596d31862edb1209de0c34823c0509881ea9840b3740d359f095b7d568026
SHA512: 8ccda0c5d1f8276f1b4c8af58111faaf703ca94a9b7b55cb057bc13cd56fe4ca321076f4aa5c07bc847f85d9207e578d95195241f0c9e5ab4134a989fa091952
SSDEEP: 98304:DnBT2yxfuzTI5fStKEP/KBtuRmnykiTetptq5ld6zSH5JXyGfEjJ1:9qqUKXID/eQ/nIb
Static task: static1
Behavioral task: behavioral1
Sample: 822596d31862edb1209de0c34823c0509881ea9840b3740d359f095b7d568026.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 822596d31862edb1209de0c34823c0509881ea9840b3740d359f095b7d568026
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)

Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)