General
Target: a3d6c15439eec7c90f015deab3e2fc930df70ab90630ad5a6c1a6bbebd3bc8b7
Size: 4.2MB
Sample: 240409-tzjd2aff7z
MD5: 0199dfb09c2c2eb3af4f9e8efb6dadca
SHA1: e8cad6ebd8d4817bdb5c3bd6119ee92273482a71
SHA256: a3d6c15439eec7c90f015deab3e2fc930df70ab90630ad5a6c1a6bbebd3bc8b7
SHA512: 2b9e7d1288709f71409317b49011f0f864d4d5b70768d631153bfe38192589f8b182a57ffdcd24c8858ef7f11c0a50f7b682fcf6b13e6691284bd8104718d659
SSDEEP: 98304:Cq77jqY634qYqqku+lyD9j83bmq6chkYsndCeM49l0PC8vwYt3LS/Hh+:Cg7jqGqHumyZj83bqlTnjD0P2G3Ig
Static task: static1
Behavioral task: behavioral1
Sample: a3d6c15439eec7c90f015deab3e2fc930df70ab90630ad5a6c1a6bbebd3bc8b7.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
- Windows Service: 1
- Scheduled Task/Job: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
- Windows Service: 1
- Scheduled Task/Job: 1