General

  • Target

    5d4547937a442dff1fa9fde4b7b09bccd1d2660bf18d47e99bb8e2c175bfe6ba

  • Size

    4.1MB

  • Sample

    240509-2zs78sbh2z

  • MD5

    ae8ee19fe5d8bfa2ed7430bc7e751789

  • SHA1

    fe64b0bd7419812939c4cf8eb859f93bf3997876

  • SHA256

    5d4547937a442dff1fa9fde4b7b09bccd1d2660bf18d47e99bb8e2c175bfe6ba

  • SHA512

    41b36daa7237b9412b6f28ebe7bb4e65c789f923af707f0bf1471c097987d5b5d4735ca5c3f30323084b7a5d4a8a0c9965215480f1b0a6465765558775d110f4

  • SSDEEP

    98304:6hmuVfMdjxpGXzj6u2Qs59B1FlEndk49vn8VDl82JcFT4:6hmCWjqzX2vxAndk49qBU2

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Modifies boot configuration data using bcdedit

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks