General

  • Target

    affef6198803d2326f4528dc165fdb88c197072eeac42f88881196e229bffad3

  • Size

    4.1MB

  • Sample

    240515-3l24naac55

  • MD5

    bba9d5e991359022bc40745ee861cd26

  • SHA1

    baf34d9d483bea0bc6ed4d4b879a30633ce15ffb

  • SHA256

    affef6198803d2326f4528dc165fdb88c197072eeac42f88881196e229bffad3

  • SHA512

    abbd034fa4806f9a3b98e3760db6785f719b8b43366f6ff50cd0254ed65c09f5baf2f78e284ce26fd2e88656ae87b0e93f7360be93a92c776ebfc5b1fb831135

  • SSDEEP

    98304:8CrMvuyR1RyPQdAJHItu4QbOo8ZPCtSlOjuAz5n6hmlDmbs:85vuu/yDHItfIOpPCSgB5tCg

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks