General

  • Target

    57e0490d129d19832c1f5f752be36f627269b5e71d545776a7f5a934c9a5245d

  • Size

    4.1MB

  • Sample

    240515-3kkszshh3t

  • MD5

    6505a05ece25ebac5201d319aea07ebc

  • SHA1

    57662fe26bee914bd9bff33a86b4e8d53cb0b34b

  • SHA256

    57e0490d129d19832c1f5f752be36f627269b5e71d545776a7f5a934c9a5245d

  • SHA512

    f9ea4516858597eeec2d80d8cbfa3c56fbc84c16df0c875d63ad7bd3a8809766b11acf229a312323ecf5b156e6d951b796c3d4903970bccc1fae5cf8d079a690

  • SSDEEP

    98304:kCrMvuyR1RyPQdAJHItu4QbOo8ZPCtSlOjuAz5n6hmlDmbj:k5vuu/yDHItfIOpPCSgB5tCf

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks