General

  • Target

    49279f6cbb00ced9f9cf65f4e7ec572c4ca66eef122c9a070bef7147b89ec7c4

  • Size

    4.1MB

  • Sample

    240515-3h2zgsaa79

  • MD5

    0a9cfc2c2484a4c4faa964d90b7061f9

  • SHA1

    0c2df07b92230a6ca9467a6ddbc9762e2093f669

  • SHA256

    49279f6cbb00ced9f9cf65f4e7ec572c4ca66eef122c9a070bef7147b89ec7c4

  • SHA512

    abca7098fcb20d168836609f48a78b18303252fe5df6c68fe22fe017c020ae26810105b3ae0ce1d70092b0a2253a06cdc124b02bdbfab0f6799a2697052622c7

  • SSDEEP

    98304:UCrMvuyR1RyPQdAJHItu4QbOo8ZPCtSlOjuAz5n6hmlDmbc:U5vuu/yDHItfIOpPCSgB5tCg

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks