General

  • Target

    112516b1612a7850cf8136b0ad28613bf5e46acb4e84c3467397d5f1635babaa

  • Size

    4.1MB

  • Sample

    240427-pf2ztaad35

  • MD5

    6987835c461a63dae16bc3f17bae8289

  • SHA1

    efa9d995a09403a3e9d4573a40d79bce63da99a4

  • SHA256

    112516b1612a7850cf8136b0ad28613bf5e46acb4e84c3467397d5f1635babaa

  • SHA512

    5f1ea74e0d888e63f224bdf146390c65d2bacc9518b9abd62e7d4760d767b3ce9aa6a2d7355520b1f5ce84461b88b4f81776429faae1f7880168018d9c9295c2

  • SSDEEP

    98304:LxCWG3Td/212A9tSPb8vctuIp2ZHNoZVPX5Ut6lNIHcaW+cG6qPFkDdt:LxCr3TdeRtEuctuInVWCNIHlW+Uq6

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks