General

  • Target

    2614725ec708f2a5aa495f25676da292ec8018f108e55e145144f001fda2bf0a

  • Size

    4.2MB

  • Sample

    240419-lc2yvsee6s

  • MD5

    a5396ec8672f12f60d2e7dfee0062383

  • SHA1

    23e21eba38513a4cb9f1353bf4ab24e973daf1a0

  • SHA256

    2614725ec708f2a5aa495f25676da292ec8018f108e55e145144f001fda2bf0a

  • SHA512

    740e0fdd31ae835b5fb340d16ee5d999330c77ab6ef471f04135bd4b5b47ea37962aebe7476a709030b6d9528a3243fd08bfed37568c0d9c08ee9866a9cb808d

  • SSDEEP

    98304:dIBNXOOfwLGhP6KRoj027D5HGyNAiNcOh9MZ99WifgA28ff94Zk:kjfa7j0YDNAHCC9Miz28ffn

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15