General

  • Target

    d572f3813daff0da2347ccdfdfc46000ba79f5e97e804be09fdfa6fe26b50218

  • Size

    4.2MB

  • Sample

    240418-lpx6faag2s

  • MD5

    dd6f01b06dbd7b9c8042f762fb9a9027

  • SHA1

    fb800e7c368c049b930e041c0714894315e8f771

  • SHA256

    d572f3813daff0da2347ccdfdfc46000ba79f5e97e804be09fdfa6fe26b50218

  • SHA512

    b03bf8fc8a99ae420d13ffa5d1c6ccad9a3ad88bf2c48aeefbcf12fe2c95711cc536e39921c4dbcdfe218ff7d1c90b865364bbdec4f6b43c556c6c91faf432c5

  • SSDEEP

    98304:8CPl518CIueKP5d7oVK7H7yJZnHQCD3+yubJ0gajSy:p518Ue6qZnwCDRsJZVy

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks