General

  • Target

    e9047e84f32d27f1131664a3a861d989e35d576cd70ef26f37c320852ba397ed

  • Size

    4.1MB

  • Sample

    240509-s3j93ahc9y

  • MD5

    d13734fefb2ce05ad1416bb3e38cebe6

  • SHA1

    be83b3b2a3d0e758d5d29ef6f01d01591bfc0b1c

  • SHA256

    e9047e84f32d27f1131664a3a861d989e35d576cd70ef26f37c320852ba397ed

  • SHA512

    01899ee6c4388e6402314a39f65558cfd95b76cf377f6bdb0660f825de047ccd113bc28154517400f0fcffb70a1cfc415c2977cd895e0cf94611532e8ae99fad

  • SSDEEP

    49152:yFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFn:yFDbcVB3TFxHH43Ma9n+52NVhL/oBqqM

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks