General

  • Target

    61f55eb92c0b2e7f2c70a46110c8d8aeab9f820adfa3055723215366229618c4

  • Size

    4.1MB

  • Sample

    240515-le78naba8w

  • MD5

    54eb4e331b25b740383719fdbe99f549

  • SHA1

    e75545c063daaa49669e9da5af04d59d250f44fc

  • SHA256

    61f55eb92c0b2e7f2c70a46110c8d8aeab9f820adfa3055723215366229618c4

  • SHA512

    ef5e8fa016f0605bbda4e6f1c64641ab9e17397eb125d5a9931b3ea5b665cd89865dc1fd1db0220b160ccbbc3c09c41c973734279561c85ad9ca453267d6faf7

  • SSDEEP

    98304:jMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAl:jBwCmIp7Ci3XwSxbLu0E0yeIUT4l

Malware Config

Targets

    • Target

      61f55eb92c0b2e7f2c70a46110c8d8aeab9f820adfa3055723215366229618c4

    • Size

      4.1MB

    • MD5

      54eb4e331b25b740383719fdbe99f549

    • SHA1

      e75545c063daaa49669e9da5af04d59d250f44fc

    • SHA256

      61f55eb92c0b2e7f2c70a46110c8d8aeab9f820adfa3055723215366229618c4

    • SHA512

      ef5e8fa016f0605bbda4e6f1c64641ab9e17397eb125d5a9931b3ea5b665cd89865dc1fd1db0220b160ccbbc3c09c41c973734279561c85ad9ca453267d6faf7

    • SSDEEP

      98304:jMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAl:jBwCmIp7Ci3XwSxbLu0E0yeIUT4l

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks