General

  • Target

    c489ceb1beb400232c6dbf04a40aa2a437c3670a04122f86e5e0486cf90a10d1

  • Size

    4.2MB

  • Sample

    240419-hv324abe47

  • MD5

    b764fe34c29225bd5a310fe4a77eec31

  • SHA1

    20feb31705a26fbcec37aae2a274c2987699c6e4

  • SHA256

    c489ceb1beb400232c6dbf04a40aa2a437c3670a04122f86e5e0486cf90a10d1

  • SHA512

    713d39e49031c575897ecd7ac3bbdea1bb9b7714207036319ce3cf1a3b5975dab7bbc7fd5390e5ea208dbfd99b9718046e18144e94d728b57fb560dec8c0cea4

  • SSDEEP

    98304:XNkDk7Y2e9fhWY+LbgLFpBVAayCN/CB0J4dlv7S/k29jp/4+:+k7LeNhW/+FpBVAa19Ce4dlv7wZ4+

Malware Config

Targets

    • Target

      c489ceb1beb400232c6dbf04a40aa2a437c3670a04122f86e5e0486cf90a10d1

    • Size

      4.2MB

    • MD5

      b764fe34c29225bd5a310fe4a77eec31

    • SHA1

      20feb31705a26fbcec37aae2a274c2987699c6e4

    • SHA256

      c489ceb1beb400232c6dbf04a40aa2a437c3670a04122f86e5e0486cf90a10d1

    • SHA512

      713d39e49031c575897ecd7ac3bbdea1bb9b7714207036319ce3cf1a3b5975dab7bbc7fd5390e5ea208dbfd99b9718046e18144e94d728b57fb560dec8c0cea4

    • SSDEEP

      98304:XNkDk7Y2e9fhWY+LbgLFpBVAayCN/CB0J4dlv7S/k29jp/4+:+k7LeNhW/+FpBVAa19Ce4dlv7wZ4+

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks