General

  • Target

    15bbf04148565d2dbf7bb81a902101399ac1f20edda7ae77213a8b97f5615b98

  • Size

    4.2MB

  • Sample

    240420-z8kaksac48

  • MD5

    c03d5b59011cda23e1ec9775a6c18ff3

  • SHA1

    5aca29ecc8b7e6bbfee886d648b6e07d6bab6869

  • SHA256

    15bbf04148565d2dbf7bb81a902101399ac1f20edda7ae77213a8b97f5615b98

  • SHA512

    0439ecba33ccfb05ada25f37e43c8007e9887baf426b2389aa44a8330aaa2e696339d9fd0084f3f694c88dc7726ef1f2c872344309d604a876052e71c9c24d36

  • SSDEEP

    98304:qB6TE4JDSTIitXqfSjBwF+v4rSSNjcdSqGUwT7RQU7Op:3TFmTI8qKjKFA4r+dAh7RQUM

Targets


    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
