General

  • Target

    a4936c43c5acb42b7ca51dd78c8eda46fe90569e1673cc9bea4cf77f4c16f6ed

  • Size

    4.2MB

  • Sample

    240417-slbxcsfa6s

  • MD5

    b1d0ddfa7404e17537be5943477f4a88

  • SHA1

    4ed9cad6684cf6a6092fcac6fda1af51cf9fab98

  • SHA256

    a4936c43c5acb42b7ca51dd78c8eda46fe90569e1673cc9bea4cf77f4c16f6ed

  • SHA512

    a367bd09f7a85589c3364df9ca9ca9ea4fcb86c57922e9d8ee3454447c150be4733029a4747225bcd2757759a9b64a035e3e33730c229ccf54c88c5b539e65a4

  • SSDEEP

    49152:DMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPic:AHFCy0PUDbdaR/a+iGqhn/GsxbuoAc

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory
