General

  • Target

    d438ed356dc2c1a7dced118beb1c62e7d17e3fe647cf8941e982ef49238d3b75

  • Size

    4.1MB

  • Sample

    240509-s3y38ahd4v

  • MD5

    05eeb5a33edacd49eb0689d0b2897c14

  • SHA1

    21b38cbb236ef4aa241aba9dd7dd08430de1ac2f

  • SHA256

    d438ed356dc2c1a7dced118beb1c62e7d17e3fe647cf8941e982ef49238d3b75

  • SHA512

    ff257450a33ea718c49b61fe6ddf428780a4091e74705f682b200abe2989ecdfd6512da40199d1162395c3cb4f3d8b585e2926e0493b182cad9ae310e3aa6ccb

  • SSDEEP

    49152:KFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqF/:KFDbcVB3TFxHH43Ma9n+52NVhL/oBqqU

Malware Config

Targets

    • Target

      d438ed356dc2c1a7dced118beb1c62e7d17e3fe647cf8941e982ef49238d3b75

    • Size

      4.1MB

    • MD5

      05eeb5a33edacd49eb0689d0b2897c14

    • SHA1

      21b38cbb236ef4aa241aba9dd7dd08430de1ac2f

    • SHA256

      d438ed356dc2c1a7dced118beb1c62e7d17e3fe647cf8941e982ef49238d3b75

    • SHA512

      ff257450a33ea718c49b61fe6ddf428780a4091e74705f682b200abe2989ecdfd6512da40199d1162395c3cb4f3d8b585e2926e0493b182cad9ae310e3aa6ccb

    • SSDEEP

      49152:KFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqF/:KFDbcVB3TFxHH43Ma9n+52NVhL/oBqqU

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks