General

  • Target

    1ba8b2e4a3bad76d25b1b3297419ef71682f4da1c3056926bb9ccc6ab4b30adb

  • Size

    4.2MB

  • Sample

    240509-2mmvpaag8z

  • MD5

    92e04e56e92a198e6f9bf221940a9802

  • SHA1

    6ddcad9d3370eadee23c508dbb64574b0e081a68

  • SHA256

    1ba8b2e4a3bad76d25b1b3297419ef71682f4da1c3056926bb9ccc6ab4b30adb

  • SHA512

    fb159130045b4dc661cf8706b098eca41512929345da16ed45df9a4e6ad4b4a70aaf760980a141ab10e9d5dd9c48edc4a5a6a4106287c73d6f3300bac8832b14

  • SSDEEP

    98304:NQ9NLetdMUbMQcDuuZxpw6wZYxbShEgW29DIYI1VWjDTKhv/ZvBZz7:G9NSjM9QcjOisE18U78jDGd/ZvX7

Malware Config

Targets

    • Target

      1ba8b2e4a3bad76d25b1b3297419ef71682f4da1c3056926bb9ccc6ab4b30adb

    • Size

      4.2MB

    • MD5

      92e04e56e92a198e6f9bf221940a9802

    • SHA1

      6ddcad9d3370eadee23c508dbb64574b0e081a68

    • SHA256

      1ba8b2e4a3bad76d25b1b3297419ef71682f4da1c3056926bb9ccc6ab4b30adb

    • SHA512

      fb159130045b4dc661cf8706b098eca41512929345da16ed45df9a4e6ad4b4a70aaf760980a141ab10e9d5dd9c48edc4a5a6a4106287c73d6f3300bac8832b14

    • SSDEEP

      98304:NQ9NLetdMUbMQcDuuZxpw6wZYxbShEgW29DIYI1VWjDTKhv/ZvBZz7:G9NSjM9QcjOisE18U78jDGd/ZvX7

    • Glupteba

      Glupteba is a modular loader written in Go; it drops and runs a range of components (including a rootkit driver) rather than carrying one fixed payload.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS device to hide directories and files from detection.

    • Modifies boot configuration data using bcdedit

    • Drops file in System32 directory
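
The signatures above are what a sandbox flags; on a host they map to a handful of Sysmon event types. The following added example (not part of the report, and not the sandbox's own detection logic) runs those checks over constructed Sysmon-style records: EventID 1 (process create), 6 (driver load), 7 (image load), 11 (file create) and 13 (registry value set). The events, paths and the driver file name `winmonfs.sys` are assumptions made for the example; the report itself only states that WinMonFS is manipulated.

```python
import ntpath
import re

# Constructed Sysmon-style events, in Sysmon field naming.  They are not
# taken from the sandbox run in the report; they exist only to exercise
# the rules below.  The driver file name winmonfs.sys and every path here
# are assumptions.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\AppData\Local\Temp\sample.exe",
     "CommandLine": r"C:\Users\u\AppData\Local\Temp\sample.exe"},
    {"EventID": 11, "Image": r"C:\Users\u\AppData\Local\Temp\sample.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\winmonfs.sys"},
    {"EventID": 11, "Image": r"C:\Users\u\AppData\Local\Temp\sample.exe",
     "TargetFilename": r"C:\ProgramData\updater\svc.exe"},
    {"EventID": 11, "Image": r"C:\Users\u\AppData\Local\Temp\sample.exe",
     "TargetFilename": r"C:\ProgramData\updater\helper.dll"},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\System32\drivers\winmonfs.sys"},
    {"EventID": 1, "Image": r"C:\ProgramData\updater\svc.exe",
     "CommandLine": r"C:\ProgramData\updater\svc.exe"},
    {"EventID": 7, "Image": r"C:\ProgramData\updater\svc.exe",
     "ImageLoaded": r"C:\ProgramData\updater\helper.dll"},
    {"EventID": 13, "Image": r"C:\ProgramData\updater\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\ProgramData\updater\svc.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r"netsh advfirewall firewall add rule name=updater dir=in action=allow program=C:\ProgramData\updater\svc.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": r"bcdedit /set {current} recoveryenabled no"},
    {"EventID": 13, "Image": r"C:\ProgramData\updater\svc.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
     "Details": "DWORD (0x00000001)"},
    # Benign noise that must not match.
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
DEFENDER_KEY = re.compile(r"\\Microsoft\\Windows Defender\\", re.I)
FIREWALL_CMD = re.compile(r"\b(adv)?firewall\b", re.I)
WINDOWS_DIR = "c:\\windows\\"
SYSTEM32_DIR = "c:\\windows\\system32\\"


def triage(events):
    """Return (signature, event_index) hits in event order.

    'Executes dropped EXE' and 'Loads dropped DLL' are stateful: a file
    counts as dropped once a process outside C:\\Windows created it
    (EventID 11), and a later process create / image load of that exact
    path is a hit.  ntpath is used so backslash paths split correctly on
    any host."""
    hits = []
    dropped = set()  # lower-cased paths created by non-Windows processes
    for i, ev in enumerate(events):
        eid = ev["EventID"]
        image = ev.get("Image", "")
        exe = ntpath.basename(image).lower()
        if eid == 11:
            target = ev["TargetFilename"].lower()
            if not image.lower().startswith(WINDOWS_DIR):
                dropped.add(target)
                if target.startswith(SYSTEM32_DIR):
                    hits.append(("Drops file in System32 directory", i))
        elif eid == 1:
            cmd = ev.get("CommandLine", "")
            if image.lower() in dropped:
                hits.append(("Executes dropped EXE", i))
            if exe == "bcdedit.exe":
                hits.append(("Modifies boot configuration data using bcdedit", i))
            if exe == "netsh.exe" and FIREWALL_CMD.search(cmd):
                hits.append(("Modifies Windows Firewall", i))
        elif eid == 6:
            # Assumed driver file name; the report only names the device.
            if ntpath.basename(ev["ImageLoaded"]).lower() == "winmonfs.sys":
                hits.append(("Manipulates WinMonFS driver", i))
        elif eid == 7:
            if ev["ImageLoaded"].lower() in dropped:
                hits.append(("Loads dropped DLL", i))
        elif eid == 13:
            key = ev["TargetObject"]
            if RUN_KEY.search(key):
                hits.append(("Adds Run key to start application", i))
            if DEFENDER_KEY.search(key):
                hits.append(("Windows security modification", i))
    return hits


def summarize(events):
    """Count hits per signature, the shape a sandbox report presents."""
    counts = {}
    for name, _ in triage(events):
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for name, idx in triage(SAMPLE_EVENTS):
        print(f"{name:48s} event #{idx}")
```

The bcdedit and netsh rules fire on any invocation with the matching arguments, so in production they need an allow-list for administrative tooling; the dropped-file correlation is the higher-signal part, because it ties the persistence, firewall and driver activity back to one origin process.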

MITRE ATT&CK Enterprise v15

Tasks