General
-
Target
6be838d208be871d9060d04392ee36325ca3c9cb1417b85c49b86bc81c37be8b
-
Size
4.2MB
-
Sample
240423-e42nvada75
-
MD5
e4dc21b6629f046ddbf15c9babd30c61
-
SHA1
69b21a59a330531d4b9fb8028b8bdd11778ec47b
-
SHA256
6be838d208be871d9060d04392ee36325ca3c9cb1417b85c49b86bc81c37be8b
-
SHA512
3e75b90c2a9a286ad05b63f812f9af100e3d44649ae2515cf0cd17d4e2eec5d4129cbbd2ddd6df2abe47f71056ed25ac19271752393fd06d8cd8ffef49b71799
-
SSDEEP
98304:0u6/1Lj48VZFqZsWR9oqHtGnoqXJzWXLs/C3aH3n0ZdP/OLcu:piV4gqnosWoqX1aLsd3nWdP/K
Static task
static1
Behavioral task
behavioral1
Sample
6be838d208be871d9060d04392ee36325ca3c9cb1417b85c49b86bc81c37be8b.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
6be838d208be871d9060d04392ee36325ca3c9cb1417b85c49b86bc81c37be8b
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1