General
Target: 4059422065704a3640f39b55757081746bbd0132367dec9ae66ea60c87d8e67a
Size: 4.2MB
Sample: 240411-e6lemsfe3w
MD5: 3878469f6e33751b812f81e7c9803826
SHA1: c033e28f139085e29df32db63f2848e55de8d6a5
SHA256: 4059422065704a3640f39b55757081746bbd0132367dec9ae66ea60c87d8e67a
SHA512: 781c5ae07434f73757691c9ecd0e631139c9239abd2c8fcb4096bb1902e3d0bec7edd5ca8d1ed627ee4c79b1768c5976e42c266b30a07f06684addd0086905cb
SSDEEP: 98304:uN82p1RaOBrZprThm2bJPX/vLZtLQqJmAlvHFH02ncDWTfHpy:mMStpnhFVxbz9J5TfHQ
Static task: static1
Behavioral task: behavioral1
Sample: 4059422065704a3640f39b55757081746bbd0132367dec9ae66ea60c87d8e67a.exe
Resource: win10v2004-20240319-en
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)