General
-
Target
42c71d5b6cfb50d5ac1ee6d78bd27ddaa24a35111887729eb8839e53ac88e343
-
Size
4.2MB
-
Sample
240427-2c73waac3x
-
MD5
bd20d333b6629f29d517085fbc4b3c11
-
SHA1
dc6cda1698101f26bb7d2668137113834198d7b4
-
SHA256
42c71d5b6cfb50d5ac1ee6d78bd27ddaa24a35111887729eb8839e53ac88e343
-
SHA512
cd391b75546b22e06dc2085048285f70364a7439362b19c96f2e369844a57819f37f49493a45a33ce0c9442567defd40ef45536c135bd42e81b0a46ef780dfef
-
SSDEEP
98304:3amOmyh13YwSD+iffg9rOMOczucEEdNxQlfwo87Elwi0PG1t:3Ty8Jy4o9ecZxQhwo8IinPG1t
Malware Config
Targets
-
-
Target
42c71d5b6cfb50d5ac1ee6d78bd27ddaa24a35111887729eb8839e53ac88e343
-
Size
4.2MB
-
MD5
bd20d333b6629f29d517085fbc4b3c11
-
SHA1
dc6cda1698101f26bb7d2668137113834198d7b4
-
SHA256
42c71d5b6cfb50d5ac1ee6d78bd27ddaa24a35111887729eb8839e53ac88e343
-
SHA512
cd391b75546b22e06dc2085048285f70364a7439362b19c96f2e369844a57819f37f49493a45a33ce0c9442567defd40ef45536c135bd42e81b0a46ef780dfef
-
SSDEEP
98304:3amOmyh13YwSD+iffg9rOMOczucEEdNxQlfwo87Elwi0PG1t:3Ty8Jy4o9ecZxQhwo8IinPG1t
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1