General
-
Target
89989a1aee94387ce1d00ce21c84f83678ece1065a6889d1b8572adb3e59f8c4
-
Size
4.1MB
-
Sample
240516-s73l7sbg7x
-
MD5
5cc39f78859dd4906a29353160f5127a
-
SHA1
8d30fc50456a61f36eeef444452bb9c12cac884c
-
SHA256
89989a1aee94387ce1d00ce21c84f83678ece1065a6889d1b8572adb3e59f8c4
-
SHA512
f1379f3225118a00b193a326764ebb754c97faba50eb05672aab5c9298ab3d63ab123668cf48b682d3c1d93e1b524b497bb66922839bd0191782ce30c4961ca7
-
SSDEEP
98304:M3tbwrB0kIuN3D8bfUXVQCwP9Kpl7QJG8rgohSw8D2z60ht59XC:MdQIuMQA9oQJ/gXDN
Malware Config
Targets
-
-
Target
89989a1aee94387ce1d00ce21c84f83678ece1065a6889d1b8572adb3e59f8c4
-
Size
4.1MB
-
MD5
5cc39f78859dd4906a29353160f5127a
-
SHA1
8d30fc50456a61f36eeef444452bb9c12cac884c
-
SHA256
89989a1aee94387ce1d00ce21c84f83678ece1065a6889d1b8572adb3e59f8c4
-
SHA512
f1379f3225118a00b193a326764ebb754c97faba50eb05672aab5c9298ab3d63ab123668cf48b682d3c1d93e1b524b497bb66922839bd0191782ce30c4961ca7
-
SSDEEP
98304:M3tbwrB0kIuN3D8bfUXVQCwP9Kpl7QJG8rgohSw8D2z60ht59XC:MdQIuMQA9oQJ/gXDN
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Manipulates WinMonFS driver.
Roottkits write to WinMonFS to hide directories/files from being detected.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1