General

  • Target

    50f85397247245fc15b94dc2a293897f39c363b182bcf5fc3abda42204c27cf3

  • Size

    4.2MB

  • Sample

    240419-l7a4mafg2w

  • MD5

    257695817883a01b385b0711cdd92a7f

  • SHA1

    ea7ab15b48a50471d1aa4fe01224c1a92fc5d13d

  • SHA256

    50f85397247245fc15b94dc2a293897f39c363b182bcf5fc3abda42204c27cf3

  • SHA512

    2806beb26c3a506033da45c5226ff3ef883a2f07aac90c4a0f637490d2a9ed1f44cf6803d918b3006630a270ed2f2438ed9127e80d730dc91fc69c1ff8b99e73

  • SSDEEP

    98304:BkCzxGX67jziInOwT+p9cyq2eBMnsC4wev2TDFlm5IHuXjE:jAXIiaT+p9uBMsCfecmJY

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks