General
-
Target
43e56ca0adfea156379caf8cdada84702e83fbe0dae9fa5f8cb59f5c40ff46bc
-
Size
4.1MB
-
Sample
240421-y8xegabc9y
-
MD5
e11f70bb60864fb3cc34723245ade4ac
-
SHA1
f36b665135481a1be844d7addb89fc2112ec9261
-
SHA256
43e56ca0adfea156379caf8cdada84702e83fbe0dae9fa5f8cb59f5c40ff46bc
-
SHA512
e07268977f445c5260443dde524d485580eb2cb8355958b52122d839e0999bd587a9532f4a28ea7eb318bcf6f08c78ce5a9b7632e4930e7b45c820cd64eb0bbe
-
SSDEEP
98304:46+NbupGYWkWUKqb2mQEf1KRMJYjr3YWC6hMfGb3gpntSZ:5+NqpqkWfc2mFNDYjrxhMfGQpntq
Malware Config
Targets
-
-
Target
43e56ca0adfea156379caf8cdada84702e83fbe0dae9fa5f8cb59f5c40ff46bc
-
Size
4.1MB
-
MD5
e11f70bb60864fb3cc34723245ade4ac
-
SHA1
f36b665135481a1be844d7addb89fc2112ec9261
-
SHA256
43e56ca0adfea156379caf8cdada84702e83fbe0dae9fa5f8cb59f5c40ff46bc
-
SHA512
e07268977f445c5260443dde524d485580eb2cb8355958b52122d839e0999bd587a9532f4a28ea7eb318bcf6f08c78ce5a9b7632e4930e7b45c820cd64eb0bbe
-
SSDEEP
98304:46+NbupGYWkWUKqb2mQEf1KRMJYjr3YWC6hMfGb3gpntSZ:5+NqpqkWfc2mFNDYjrxhMfGQpntq
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1