General
-
Target
a5515fcc45fb2fd40e5444bb38320c73eaf99d66c09796ae5722dfbae37ca57c
-
Size
4.1MB
-
Sample
240519-reav2sbc7w
-
MD5
3a1f0ccd7581c4d3f50f1de795b2e483
-
SHA1
5290e1c4aad1f21eb45ac175a90292a81e75eed0
-
SHA256
a5515fcc45fb2fd40e5444bb38320c73eaf99d66c09796ae5722dfbae37ca57c
-
SHA512
e9a7bb02d67c93f5803ca7669bd3db8b2efc283688cceef582ea6afb132133daa99702a8617a4c011b584369dddbff2440db1f2ce4d91216eb4a5c0ac101dc81
-
SSDEEP
98304:YuOdAWE/bfbxbxBimum48oJjLrUZhWcgWy75MTps2CObMUZCzBSe:YuOpIddBi3V8Ojm7gWylM939C/
Static task
static1
Behavioral task
behavioral1
Sample
a5515fcc45fb2fd40e5444bb38320c73eaf99d66c09796ae5722dfbae37ca57c.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)