General

  • Target: 3b5645af7ed7d40f0770546add16b42cd4462f8818a18f88a5e17974a8fba083
  • Size: 4.2MB
  • Sample: 240509-2sj1zsee46
  • MD5: 1acf9847e01d84173bff136c1ac3caf5
  • SHA1: f17521b6b835b5df56d2290c98aeb33d0dd601f1
  • SHA256: 3b5645af7ed7d40f0770546add16b42cd4462f8818a18f88a5e17974a8fba083
  • SHA512: 50f52a3fe7916e207b432f34175c3081bfd25720477c3850f63fbba86380bbc6a17c050e84c98ebe089f8bbb0073071f9a5c1a2c26489d13064ebff932085d30
  • SSDEEP: 98304:SYYiaFq+ieS5FN6Ok4KsxnWuFa9Ky4Bnrz9CeP/hqGF:SYNWaN6/4KsbUUweIGF

Targets

    • Glupteba: Glupteba is a modular loader written in Golang with various components.
    • Glupteba payload
    • Modifies boot configuration data using bcdedit
    • Modifies Windows Firewall
    • Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
    • UPX packed file: detects executables packed with the open-source UPX packer or a modified build of UPX.
