General
-
Target
105561403c846ad777a4e5eed1afc8c05222e9ae36f86a6559b6cf43bcd7159e
-
Size
4.2MB
-
Sample
240419-rdbqysfb4y
-
MD5
a3516189919a22ec9eaba6ad8dc5effa
-
SHA1
3b7df3717b83a4385dadc7a8c15ba87e6a48b916
-
SHA256
105561403c846ad777a4e5eed1afc8c05222e9ae36f86a6559b6cf43bcd7159e
-
SHA512
b7cdd8d806bc150a1d321aaba192f8d02bb13f30cfccf093f0e76b78cd93f1c2cc767bb67c89516920a0ac23c6d92c4699381bfedf93f2c33fab245d30dbc9bc
-
SSDEEP
98304:zu15A1GiNRFuKfVvdEh8/k6ld6teGU//blllQO5EUt0+BFZRUpdVY3:zaARFuKJWhQkavn//blllQdNaFDGXE
Malware Config
Targets
-
-
Target
105561403c846ad777a4e5eed1afc8c05222e9ae36f86a6559b6cf43bcd7159e
-
Size
4.2MB
-
MD5
a3516189919a22ec9eaba6ad8dc5effa
-
SHA1
3b7df3717b83a4385dadc7a8c15ba87e6a48b916
-
SHA256
105561403c846ad777a4e5eed1afc8c05222e9ae36f86a6559b6cf43bcd7159e
-
SHA512
b7cdd8d806bc150a1d321aaba192f8d02bb13f30cfccf093f0e76b78cd93f1c2cc767bb67c89516920a0ac23c6d92c4699381bfedf93f2c33fab245d30dbc9bc
-
SSDEEP
98304:zu15A1GiNRFuKfVvdEh8/k6ld6teGU//blllQO5EUt0+BFZRUpdVY3:zaARFuKJWhQkavn//blllQdNaFDGXE
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1