General

  • Target

    302770c5aa78e2bb3a35e5cec3267a448b940b50d7d6d55bddc834c26549a8c1

  • Size

    4.2MB

  • Sample

    240417-skbj7sde34

  • MD5

    83407feb13683370d4e853622f636e81

  • SHA1

    ccb9042541180f3cc30f4440eb60112b96d08c72

  • SHA256

    302770c5aa78e2bb3a35e5cec3267a448b940b50d7d6d55bddc834c26549a8c1

  • SHA512

    16341eb63084b03d158e8546d15d190455392c1a7a9d1dc4c719942029bfcd0da81536349c5de4484f6b9f0e89737ce6e3f1254992578268e053219a6cbf0d06

  • SSDEEP

    49152:LMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPix:IHFCy0PUDbdaR/a+iGqhn/GsxbuoAx

Malware Config

Targets

    • Target

      302770c5aa78e2bb3a35e5cec3267a448b940b50d7d6d55bddc834c26549a8c1

    • Size

      4.2MB

    • MD5

      83407feb13683370d4e853622f636e81

    • SHA1

      ccb9042541180f3cc30f4440eb60112b96d08c72

    • SHA256

      302770c5aa78e2bb3a35e5cec3267a448b940b50d7d6d55bddc834c26549a8c1

    • SHA512

      16341eb63084b03d158e8546d15d190455392c1a7a9d1dc4c719942029bfcd0da81536349c5de4484f6b9f0e89737ce6e3f1254992578268e053219a6cbf0d06

    • SSDEEP

      49152:LMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPix:IHFCy0PUDbdaR/a+iGqhn/GsxbuoAx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks