General

  • Target

    0e45035213787fdfb9d2337fe3c966e64e06f69fc2150a2568b173d825f98391

  • Size

    4.1MB

  • Sample

    240509-s73xzahf8z

  • MD5

    19f4ef4750777081f7bc8f1aa4192f74

  • SHA1

    40bd7585285ebc85c1fe61f625faabdfa2a56db6

  • SHA256

    0e45035213787fdfb9d2337fe3c966e64e06f69fc2150a2568b173d825f98391

  • SHA512

    8c8438914f0f2a4d7356e537262b51942ee2e1717a3525a361a5735e33d24ac76764b9add8e07eda4c0b41d0c6bea196d847a556903047d08a5fd9f040d00b07

  • SSDEEP

    49152:KFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFG:KFDbcVB3TFxHH43Ma9n+52NVhL/oBqq9

Malware Config

Targets

    • Target

      0e45035213787fdfb9d2337fe3c966e64e06f69fc2150a2568b173d825f98391

    • Size

      4.1MB

    • MD5

      19f4ef4750777081f7bc8f1aa4192f74

    • SHA1

      40bd7585285ebc85c1fe61f625faabdfa2a56db6

    • SHA256

      0e45035213787fdfb9d2337fe3c966e64e06f69fc2150a2568b173d825f98391

    • SHA512

      8c8438914f0f2a4d7356e537262b51942ee2e1717a3525a361a5735e33d24ac76764b9add8e07eda4c0b41d0c6bea196d847a556903047d08a5fd9f040d00b07

    • SSDEEP

      49152:KFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFG:KFDbcVB3TFxHH43Ma9n+52NVhL/oBqq9

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks