General

  • Target

    81f5c535abe2ceb93babc7360d2867f0e98e5cb007810721b4cb61c19fa2733c

  • Size

    4.1MB

  • Sample

    240509-s1zlzacc22

  • MD5

    7aff2c9996865c02538aa6c63ae29d72

  • SHA1

    54b92298f28b95a6384d298cd72627a25a9ff0be

  • SHA256

    81f5c535abe2ceb93babc7360d2867f0e98e5cb007810721b4cb61c19fa2733c

  • SHA512

    a8528b3866861d31253d7299a84c0d1d6a36e2f0a68b48e796b42cd06d84a15c92b22ce8a425341f34b3c0693e2abba5a8b0ad48565a951650ef2d767b9273e5

  • SSDEEP

    49152:yFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFg:yFDbcVB3TFxHH43Ma9n+52NVhL/oBqqv

Malware Config

Targets

    • Target

      81f5c535abe2ceb93babc7360d2867f0e98e5cb007810721b4cb61c19fa2733c

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks