General

  • Target

    0152ab83a637f125b6b55654b7a82b5add03d8f9e14bb335344b146ba8aec3e4

  • Size

    4.2MB

  • Sample

    240417-3j4jpsah3w

  • MD5

    c74ad1ab7f39fb4532d26a4f74bde39b

  • SHA1

    2c8211138a3576566f18d4a85e61280b95f5a0dc

  • SHA256

    0152ab83a637f125b6b55654b7a82b5add03d8f9e14bb335344b146ba8aec3e4

  • SHA512

    1a84f2ee6ff07821e4d841d0e3cb0916ea1b8cc0425df4143d09f3ffe94d94afe01ee5f1c56aca611ac89096b508a1d80fd9e70f1acb584b89314d8810d885ab

  • SSDEEP

    98304:CkZ2HRjDxUqNRSWw/fdG0ya8lhbNKCN+OMuHRmn++CozeYuDi:zZ2x3CqNcHdGTLNp+F+8elDi

Malware Config

Targets

    • Target

      0152ab83a637f125b6b55654b7a82b5add03d8f9e14bb335344b146ba8aec3e4

    • Size

      4.2MB

    • MD5

      c74ad1ab7f39fb4532d26a4f74bde39b

    • SHA1

      2c8211138a3576566f18d4a85e61280b95f5a0dc

    • SHA256

      0152ab83a637f125b6b55654b7a82b5add03d8f9e14bb335344b146ba8aec3e4

    • SHA512

      1a84f2ee6ff07821e4d841d0e3cb0916ea1b8cc0425df4143d09f3ffe94d94afe01ee5f1c56aca611ac89096b508a1d80fd9e70f1acb584b89314d8810d885ab

    • SSDEEP

      98304:CkZ2HRjDxUqNRSWw/fdG0ya8lhbNKCN+OMuHRmn++CozeYuDi:zZ2x3CqNcHdGTLNp+F+8elDi

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build (section names and pack-header magic altered).

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry Uninstall keys (for example HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
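
The UPX signature above keys on section names, which a "modified UPX" build can trivially rename. The Python below is an added example, not code from the sandbox report or from Triage's own detection logic: it parses a PE section table and applies three independent checks, the UPX0/UPX1 names, the "UPX!" pack-header magic that stock UPX leaves in the header slack, and a layout heuristic (an all-virtual first section, large in-memory expansion, a high-entropy on-disk section) that survives renaming. The three PE images it classifies are constructed by `build_sample_pe` for the demonstration, and the thresholds (expansion > 2, entropy > 7.0 bits/byte) are this example's assumptions, not values taken from the report.

```python
import collections
import math
import random
import struct

# PE/COFF layout constants (from the spec, not from the report): e_lfanew at 0x3C,
# 20-byte COFF file header, 40-byte IMAGE_SECTION_HEADER entries.
FILE_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def parse_sections(data: bytes) -> list:
    """Parse the section table of a PE image into a list of dicts."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + FILE_HEADER_SIZE + opt_size
    sections = []
    for i in range(num_sections):
        f = struct.unpack_from("<8sIIIIIIHHI", data, table + i * SECTION_HEADER_SIZE)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": f[1], "raw_size": f[3], "raw_ptr": f[4]})
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    n = len(buf)
    counts = collections.Counter(buf).values()
    return -sum(c / n * math.log2(c / n) for c in counts) if n else 0.0


def detect_upx(data: bytes) -> dict:
    """Classify a PE as stock UPX, a renamed/modified UPX layout, or not packed."""
    secs = parse_sections(data)
    if not secs:
        return {"verdict": "not packed", "reason": "no sections"}
    names = any(s["name"].upper().startswith("UPX") for s in secs)
    # Stock UPX leaves its "UPX!" pack-header magic in the header slack before the
    # first section's raw data; modified builds usually patch it out.
    header_end = min((s["raw_ptr"] for s in secs if s["raw_ptr"]), default=len(data))
    magic = b"UPX!" in data[:header_end]
    # Layout heuristic that survives renaming: first section is all-virtual (the
    # unpacking target), the image grows a lot when mapped, and the largest
    # on-disk section is high-entropy compressed data.
    first_empty = secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0
    raw_total = sum(s["raw_size"] for s in secs)
    expansion = sum(s["virtual_size"] for s in secs) / raw_total if raw_total else 0.0
    big = max(secs, key=lambda s: s["raw_size"])
    entropy = shannon_entropy(data[big["raw_ptr"]:big["raw_ptr"] + big["raw_size"]])
    if names or magic:
        verdict = "upx"
    elif first_empty and expansion > 2.0 and entropy > 7.0:  # thresholds are assumptions
        verdict = "modified upx (layout)"
    else:
        verdict = "not packed"
    return {"verdict": verdict, "upx_names": names, "upx_magic": magic,
            "first_section_empty": first_empty, "expansion": round(expansion, 2),
            "entropy": round(entropy, 2)}


def build_sample_pe(section_specs, with_magic: bool) -> bytes:
    """Assemble a minimal, non-runnable PE image as constructed test input from
    (name, virtual_size, raw_payload) tuples."""
    opt_size, e_lfanew, align = 0xE0, 0x40, 0x200
    hdr_len = e_lfanew + 4 + FILE_HEADER_SIZE + opt_size + SECTION_HEADER_SIZE * len(section_specs)
    raw_start = -(-hdr_len // align) * align  # first section data, file-aligned
    img = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    img += struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 optional header, zeroed
    payloads, vaddr, rptr = b"", 0x1000, raw_start
    for name, vsize, payload in section_specs:
        raw = payload + b"\0" * (-len(payload) % align)
        img += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, len(raw),
                           rptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        payloads += raw
        vaddr += -(-vsize // 0x1000) * 0x1000
        rptr += len(raw)
    if with_magic:
        img += b"UPX!"
    return img + b"\0" * (raw_start - len(img)) + payloads


def sample_images() -> dict:
    """Constructed images: stock UPX layout, the same with names/magic stripped, plain."""
    rng = random.Random(1)
    packed = bytes(rng.getrandbits(8) for _ in range(0x4000))  # stands in for compressed code
    return {
        "stock": build_sample_pe([("UPX0", 0x20000, b""), ("UPX1", 0x8000, packed)], True),
        "renamed": build_sample_pe([(".text0", 0x20000, b""), (".text1", 0x8000, packed)], False),
        "plain": build_sample_pe([(".text", 0x3000, b"\x90" * 0x2000), (".data", 0x1000, b"A" * 64)], False),
    }
```

Run `detect_upx` over each image from `sample_images()`: the stock layout is caught by its names, the renamed copy only by the layout heuristic, and the plain image by neither. On real samples, treat the layout verdict as a triage hint to unpack and hash the inner payload, not as proof of UPX specifically; other packers produce a similar all-virtual-first-section shape.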

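The remaining behaviours in the list (a Run key added for persistence, a file dropped into System32 and then executed, a Windows Firewall change) are what a defender would want to catch on a live host rather than in the sandbox. The Python below is an added example, not the sandbox's own rules: it runs four simple detections over Sysmon-style events (ids 1 process create, 11 file create, 13 registry value set) and correlates file-create with process-create events to flag execution of a dropped file. The events, the `SYSTEM32_WRITERS` allow-list and the regular expressions are this example's assumptions; only the Run key location, the System32 path and the `netsh advfirewall` syntax are standard Windows facts.

```python
import re

# Rules for the behaviours the report lists. The regexes are this example's own.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
SYSTEM32_RE = re.compile(r"^C:\\Windows\\System32\\", re.I)
FIREWALL_RE = re.compile(r"\bnetsh(\.exe)?\b.*\badvfirewall\b.*\b(add|set|delete)\b", re.I)
# Processes allowed to write under System32 without an alert (assumed allow-list).
SYSTEM32_WRITERS = {r"c:\windows\servicing\trustedinstaller.exe",
                    r"c:\windows\system32\msiexec.exe"}


def detect(events):
    """Return (rule, pid, evidence) tuples for Sysmon-style event dicts."""
    findings = []
    created = {}  # lower-cased path of every file written -> pid that wrote it
    for ev in events:
        eid, pid, image = ev["id"], ev["pid"], ev["image"].lower()
        if eid == 13 and RUN_KEY_RE.search(ev["target"]):
            findings.append(("adds_run_key", pid, f'{ev["target"]} = {ev["details"]}'))
        elif eid == 11:
            created[ev["file"].lower()] = pid
            if SYSTEM32_RE.match(ev["file"]) and image not in SYSTEM32_WRITERS:
                findings.append(("drops_file_in_system32", pid, ev["file"]))
        elif eid == 1:
            if image in created:  # the new process image was written earlier in this log
                findings.append(("executes_dropped_exe", pid,
                                 f'{ev["image"]} (written by pid {created[image]})'))
            if FIREWALL_RE.search(ev["cmd"]):
                findings.append(("modifies_windows_firewall", pid, ev["cmd"]))
    return findings


# Constructed events standing in for one run of a sample; not taken from the report.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4120, "image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "cmd": r"C:\Users\user\AppData\Local\Temp\sample.exe"},
    {"id": 13, "pid": 4120, "image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sample",
     "details": r"C:\Users\user\AppData\Local\Temp\sample.exe"},
    {"id": 11, "pid": 4120, "image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "file": r"C:\Windows\System32\dropped.exe"},
    {"id": 1, "pid": 4388, "image": r"C:\Windows\System32\dropped.exe",
     "cmd": r"C:\Windows\System32\dropped.exe"},
    {"id": 1, "pid": 4402, "image": r"C:\Windows\System32\netsh.exe",
     "cmd": 'netsh advfirewall firewall add rule name="allow-dropped" dir=in '
            'action=allow program="C:\\Windows\\System32\\dropped.exe"'},
    # Benign noise: servicing writes to System32 and a read-only netsh query.
    {"id": 11, "pid": 900, "image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "file": r"C:\Windows\System32\drivers\etc\hosts"},
    {"id": 1, "pid": 901, "image": r"C:\Windows\System32\netsh.exe",
     "cmd": "netsh advfirewall show allprofiles"},
]


def summarize(events=SAMPLE_EVENTS):
    """Distinct rule names that fired, in order of first hit."""
    seen = []
    for rule, _, _ in detect(events):
        if rule not in seen:
            seen.append(rule)
    return seen


if __name__ == "__main__":
    for rule, pid, evidence in detect(SAMPLE_EVENTS):
        print(f"[{rule}] pid={pid} {evidence}")
```

The Run key rule fires on every write under Run/RunOnce, which is noisy on a real fleet; tune it by image path (values pointing into AppData or Temp, as here, deserve the alert) rather than by dropping the rule. The dropped-file correlation only works within one log window, so feed it events in timestamp order.
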
MITRE ATT&CK Enterprise v15

Tasks