General

  • Target

    2eddc16aea838ab8a100e982c3e09665584018a59b9a3576dc0854ef191d46ca

  • Size

    4.1MB

  • Sample

    240515-3trb5aag27

  • MD5

    452f2ce29ce6785d98ef3f3f3287fdcf

  • SHA1

    be6d58eb10696d063d92ab9ad2aa3568b38867a8

  • SHA256

    2eddc16aea838ab8a100e982c3e09665584018a59b9a3576dc0854ef191d46ca

  • SHA512

    0ac3b8c6a4145ab8e9db8885e244c6b7d92181e11c94a39c5a5a45368e0cdbc4b02594cb08bd4426bad869803434cac75696a8c2e7e6b4a0edd3b1c4ca02ed79

  • SSDEEP

    98304:Hsj80k8u7e4te7QNzi5j0edbbHwu+w5lmM0XQnK:Hg9u7eueIzil0SbrHmM0P

Malware Config

Targets

    • Target

      2eddc16aea838ab8a100e982c3e09665584018a59b9a3576dc0854ef191d46ca

    • Size

      4.1MB

    • MD5

      452f2ce29ce6785d98ef3f3f3287fdcf

    • SHA1

      be6d58eb10696d063d92ab9ad2aa3568b38867a8

    • SHA256

      2eddc16aea838ab8a100e982c3e09665584018a59b9a3576dc0854ef191d46ca

    • SHA512

      0ac3b8c6a4145ab8e9db8885e244c6b7d92181e11c94a39c5a5a45368e0cdbc4b02594cb08bd4426bad869803434cac75696a8c2e7e6b4a0edd3b1c4ca02ed79

    • SSDEEP

      98304:Hsj80k8u7e4te7QNzi5j0edbbHwu+w5lmM0XQnK:Hg9u7eueIzil0SbrHmM0P

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks