General

  • Target

    d55ac97e45a3f989b127ed40e2b5a917d541f6666e10a720bf1fe3ea84d2949b

  • Size

    4.1MB

  • Sample

    240515-le22msba7x

  • MD5

    053b29b3958302225b5f6efdb16550f9

  • SHA1

    20d8b1601e454cdf0606ba2a69ada4bf39789159

  • SHA256

    d55ac97e45a3f989b127ed40e2b5a917d541f6666e10a720bf1fe3ea84d2949b

  • SHA512

    2a0feffef9a89498bc4f6f537a0016efbd4a288344187ffe8caa51c11fdcc6d92321156f4a75e6b5a35850f8a8d165d800b80dcb691247dd6ba6fee8612b9c3c

  • SSDEEP

    98304:bMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAS:bBwCmIp7Ci3XwSxbLu0E0yeIUT4S

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks