General

  • Target

    f84485965dc1cee206f5fc274b408b8bf5a41e98c795f9b94d03bc0145dbe4dc

  • Size

    4.1MB

  • Sample

    240515-3n8zzsad65

  • MD5

    48d81ccf7dd3757e06d20a78b4563c8f

  • SHA1

    42e5609e1f15d37cd1c2f3419c267b735e593fdc

  • SHA256

    f84485965dc1cee206f5fc274b408b8bf5a41e98c795f9b94d03bc0145dbe4dc

  • SHA512

    682eecb34319490e97117f88165bdfae0ab7a4c5bfbb9c9e959c40037c7386e2a1491211f8838cdd193915d1152bb2445b1e9a88fdaa7ce8ffd2f9d753fd3168

  • SSDEEP

    98304:3sj80k8u7e4te7QNzi5j0edbbHwu+w5lmM0XQnp:3g9u7eueIzil0SbrHmM00

Malware Config

Targets

    • Target

      f84485965dc1cee206f5fc274b408b8bf5a41e98c795f9b94d03bc0145dbe4dc

    • Size

      4.1MB

    • MD5

      48d81ccf7dd3757e06d20a78b4563c8f

    • SHA1

      42e5609e1f15d37cd1c2f3419c267b735e593fdc

    • SHA256

      f84485965dc1cee206f5fc274b408b8bf5a41e98c795f9b94d03bc0145dbe4dc

    • SHA512

      682eecb34319490e97117f88165bdfae0ab7a4c5bfbb9c9e959c40037c7386e2a1491211f8838cdd193915d1152bb2445b1e9a88fdaa7ce8ffd2f9d753fd3168

    • SSDEEP

      98304:3sj80k8u7e4te7QNzi5j0edbbHwu+w5lmM0XQnp:3g9u7eueIzil0SbrHmM00

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide files and directories from detection.

    • Drops file in System32 directory

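Of the behaviors listed above, the UPX packing signature is the one that can be checked offline from the file alone, alongside re-deriving the digests the report prints. The Python below is an added example, not part of the sandbox report and not the signature logic the sandbox itself runs: it parses the PE section table, flags UPX-style section names, measures per-section Shannon entropy (a renamed or modified UPX stub still leaves a near-8-bit compressed section), and computes the MD5/SHA1/SHA256/SHA512 set shown in the report. The PE images it builds are constructed test input; the real sample is not embedded, so its digests will not match the ones above.

```python
"""Offline triage helper: hash a file and inspect its PE section table for
UPX-style packing. Added example; the PE bytes built here are constructed test
input, not the Glupteba sample described in the report."""
import hashlib
import math
import struct
from collections import Counter

# Section names left behind by stock UPX. A modified packer may rename them,
# which is why the entropy measurement is reported alongside the name check.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def file_hashes(data: bytes) -> dict:
    """Return the same digest set the sandbox report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def shannon_entropy(blob: bytes) -> float:
    """Bits of entropy per byte; compressed/encrypted data sits close to 8.0."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def pe_sections(data: bytes) -> list:
    """Walk the PE section table and return name, raw bytes and entropy per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "raw": raw, "entropy": shannon_entropy(raw)})
    return sections


def pe_section_names(data: bytes) -> list:
    return [s["name"] for s in pe_sections(data)]


def looks_upx_packed(data: bytes) -> bool:
    """True when any section carries a stock UPX section name."""
    return any(s["name"] in UPX_SECTION_NAMES for s in pe_sections(data))


def build_pe(sections) -> bytes:
    """Construct a minimal PE32 image from (name, raw_bytes) pairs. Only the
    fields the parser above reads are meaningful; this is test input, not a
    loadable binary."""
    opt = struct.pack("<H", 0x10B) + b"\0" * 222  # 224-byte PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    header_len = 0x40 + 4 + len(coff) + len(opt) + 40 * len(sections)
    raw_start = (header_len + 0x1FF) & ~0x1FF  # 512-byte file alignment
    table, blobs, ptr, va = b"", b"", raw_start, 0x1000
    for name, blob in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(blob), va,
                             len(blob), ptr, 0, 0, 0, 0, 0xE0000020)
        blobs += blob
        ptr += len(blob)
        va += 0x1000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (raw_start - len(image)) + blobs


# Constructed samples: a UPX-style layout (empty UPX0, high-entropy UPX1) and a plain one.
_HIGH_ENTROPY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
PACKED_SAMPLE = build_pe([(b"UPX0", b""), (b"UPX1", _HIGH_ENTROPY), (b".rsrc", b"\0" * 256)])
PLAIN_SAMPLE = build_pe([(b".text", b"\x90" * 512), (b".data", b"\0" * 256)])


def triage(data: bytes) -> dict:
    """Summary a practitioner would paste into a case note."""
    return {
        "hashes": file_hashes(data),
        "sections": [(s["name"].decode(), round(s["entropy"], 2)) for s in pe_sections(data)],
        "upx_packed": looks_upx_packed(data),
    }


if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, triage(sample))
```

On a real file, replace the constructed bytes with `open(path, "rb").read()`; the entropy column is what to look at when the section names have been renamed away from UPX0/UPX1.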
MITRE ATT&CK Enterprise v15

Tasks