General
-
Target
55b74c386b21407fe30ae3f26c47b2d02451ca93f7aea6363a8e5fb94a5617e5
-
Size
4.2MB
-
Sample
240410-fh4rradc53
-
MD5
de998f2b8408d7158a1eed574f6ead84
-
SHA1
eb4fce52f81a8347b2872fb88799f9f7cc712432
-
SHA256
55b74c386b21407fe30ae3f26c47b2d02451ca93f7aea6363a8e5fb94a5617e5
-
SHA512
35271c554a9770814d038f80684091af750bff71b39eb8267b789489b58cf8390855261d06dd33a6c304a2106ec2c691ba95ecfd1e1cb87af432fccad7bd6d27
-
SSDEEP
98304:WECH+3DSWnI1KGGLxQ5XsnDnmKFULzGt/AOX9k/3NCXH+HNQDf1LiqV:WtH+32WnIs1Fg8DnrtoOX9+mBzV
Static task
static1
Behavioral task
behavioral1
Sample
55b74c386b21407fe30ae3f26c47b2d02451ca93f7aea6363a8e5fb94a5617e5.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1