General

  • Target

    d4554f3c02c4f16ad7299d79e4465adc0ea82e537c7340249f943ae7a5ab66d3

  • Size

    4.2MB

  • Sample

    240417-sln7pafa7t

  • MD5

    2412f824274833524d61b885b830e9a8

  • SHA1

    ab754d77de4ddaec1f87f18293972868477fa247

  • SHA256

    d4554f3c02c4f16ad7299d79e4465adc0ea82e537c7340249f943ae7a5ab66d3

  • SHA512

    fb978c3fa80f9f1c0933512dffc3d964e2f0a92a22ac4e67688ec9b9c21d014472de19d9841240c5a08d36176091ca7c71c457dba7b4c7b20f159edcc123d0ea

  • SSDEEP

    49152:zMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPi+:wHFCy0PUDbdaR/a+iGqhn/GsxbuoA+

Malware Config

Targets

    • Target

      d4554f3c02c4f16ad7299d79e4465adc0ea82e537c7340249f943ae7a5ab66d3

    • Size

      4.2MB

    • MD5

      2412f824274833524d61b885b830e9a8

    • SHA1

      ab754d77de4ddaec1f87f18293972868477fa247

    • SHA256

      d4554f3c02c4f16ad7299d79e4465adc0ea82e537c7340249f943ae7a5ab66d3

    • SHA512

      fb978c3fa80f9f1c0933512dffc3d964e2f0a92a22ac4e67688ec9b9c21d014472de19d9841240c5a08d36176091ca7c71c457dba7b4c7b20f159edcc123d0ea

    • SSDEEP

      49152:zMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPi+:wHFCy0PUDbdaR/a+iGqhn/GsxbuoA+

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks