General

  • Target

    270b65f0490d7874b071522f57305e77167b8e7e24caa7e987747c6910e191ab

  • Size

    4.1MB

  • Sample

    240515-3gz4hahf7w

  • MD5

    faf63e3a8ca69c6915f26a14fac35100

  • SHA1

    2bec65a43fbfecf74a51e2e1192164014f37e817

  • SHA256

    270b65f0490d7874b071522f57305e77167b8e7e24caa7e987747c6910e191ab

  • SHA512

    b3e92130187cf010687b11e2db3e3703d19876f5147faa2f7a56bd3da076d86093dc8828949c36dd1e275b2a07bbdf0c2ac3fe69ee21f69b92da4338e122f729

  • SSDEEP

    98304:kCrMvuyR1RyPQdAJHItu4QbOo8ZPCtSlOjuAz5n6hmlDmbi:k5vuu/yDHItfIOpPCSgB5tC2

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks