General
-
Target
02c83cc25125b11264c1b0e28694a0914e0b6ed7eaf36a8f550e7a81c0ab0605
-
Size
4.2MB
-
Sample
240419-rgn6fsec93
-
MD5
ddfbe9d3ae995263ffffc5db587027de
-
SHA1
04c58b00b758312816ac2447a431dceb1b89bf4f
-
SHA256
02c83cc25125b11264c1b0e28694a0914e0b6ed7eaf36a8f550e7a81c0ab0605
-
SHA512
5b3cc952c550b972fb9774d1c08b1cc1d919f40f11c900b5a82c569bd3b33f191266f162fdc348a6bb1339e7d57a53634e5b3a4bbadd35f8910439ff7e553865
-
SSDEEP
98304:Lu15A1GiNRFuKfVvdEh8/k6ld6teGU//blllQO5EUt0+BFZRUpdVYS:LaARFuKJWhQkavn//blllQdNaFDGXF
Malware Config
Targets
-
-
Target
02c83cc25125b11264c1b0e28694a0914e0b6ed7eaf36a8f550e7a81c0ab0605
-
Size
4.2MB
-
MD5
ddfbe9d3ae995263ffffc5db587027de
-
SHA1
04c58b00b758312816ac2447a431dceb1b89bf4f
-
SHA256
02c83cc25125b11264c1b0e28694a0914e0b6ed7eaf36a8f550e7a81c0ab0605
-
SHA512
5b3cc952c550b972fb9774d1c08b1cc1d919f40f11c900b5a82c569bd3b33f191266f162fdc348a6bb1339e7d57a53634e5b3a4bbadd35f8910439ff7e553865
-
SSDEEP
98304:Lu15A1GiNRFuKfVvdEh8/k6ld6teGU//blllQO5EUt0+BFZRUpdVYS:LaARFuKJWhQkavn//blllQdNaFDGXF
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1