General
-
Target
8f6af651ebee2217aca32dc6e89694546e01dcc8597ea3181d7eff5a8cd71c49
-
Size
4.1MB
-
Sample
240425-1ld1qafe23
-
MD5
ccc420b4bb4737a72c9dde35a9d1f396
-
SHA1
e83b1a4d4f321a688abf19181a80d2736b1368eb
-
SHA256
8f6af651ebee2217aca32dc6e89694546e01dcc8597ea3181d7eff5a8cd71c49
-
SHA512
6880d7fbc8e44a7104d27e1a94dd7592a3079c6155cd1ed7aa55b013688db87527bdf2c9711e4a680efbc5b086afdf4094293f4156b9c48ac8ed689d60a8967f
-
SSDEEP
98304:ML1CWDKzOLOwEVDen+CvoiqvVh9u6jAYgUqe:MeQWDA+EohruNUR
Static task
static1
Behavioral task
behavioral1
Sample
8f6af651ebee2217aca32dc6e89694546e01dcc8597ea3181d7eff5a8cd71c49.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1