General

  • Target

    0407be250a0f68a02beda6b3fd130e5f46a56ad1bf0a743acd6cf95a8e979465

  • Size

    4.1MB

  • Sample

    240515-lf8ktabc28

  • MD5

    83e507f0897db87f19b9fee508d6944b

  • SHA1

    4745237dadf96209b02320f07f001bbf32eadf0a

  • SHA256

    0407be250a0f68a02beda6b3fd130e5f46a56ad1bf0a743acd6cf95a8e979465

  • SHA512

    2a7c84af3970b93198b3ea72f1074eacefc51bd3d93cb450509897493dc04e7beaa930876a504d999a9597aec683e03fa551448a05ec834b5fd9fe09f52d3265

  • SSDEEP

    98304:TMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAk:TBwCmIp7Ci3XwSxbLu0E0yeIUT4k
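A triage script for the hashes above, added here as an example and not part of the sandbox report: it re-digests a candidate file with every algorithm the report lists, compares each one separately, and then checks the three signals behind a "UPX packed file" verdict (UPX0/UPX1 section names, the `UPX!` header marker, and section entropy as the fallback for a modified UPX build that strips the first two). The PE bytes built by `build_fake_pe` are constructed for the self-test and are not the real sample; the 7.0 bits/byte entropy threshold is an assumed cut-off, not a value from the report.

```python
"""Triage helpers for the sample in the report (added example, not the report's own code).

REPORT_HASHES is copied verbatim from the report; the PE bytes produced by
build_fake_pe() are constructed for self-testing and are not the real sample.
"""
import hashlib
import math
import struct
from collections import Counter

REPORT_HASHES = {
    "md5": "83e507f0897db87f19b9fee508d6944b",
    "sha1": "4745237dadf96209b02320f07f001bbf32eadf0a",
    "sha256": "0407be250a0f68a02beda6b3fd130e5f46a56ad1bf0a743acd6cf95a8e979465",
    "sha512": "2a7c84af3970b93198b3ea72f1074eacefc51bd3d93cb450509897493dc04e7beaa930876a504d999a9597aec683e03fa551448a05ec834b5fd9fe09f52d3265",
}


def file_hashes(data: bytes) -> dict:
    """Digest the bytes with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Compare each digest separately. A single mismatching algorithm almost
    always means a transcription error in the report, not a collision, so the
    per-algorithm result is more useful than one boolean."""
    actual = file_hashes(data)
    return {name: actual[name] == expected for name, expected in REPORT_HASHES.items()}


def pe_sections(data: bytes) -> list:
    """Minimal PE section-table parser: [(name, raw_bytes), ...], or [] when the
    input is not a PE. Only the fields the packer check needs are decoded."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    try:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return []
        coff = e_lfanew + 4
        (num_sections,) = struct.unpack_from("<H", data, coff + 2)
        (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    except struct.error:
        return []
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            break  # truncated section table
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random; packed or encrypted sections sit
    near the top of the range, plain x86 code usually well below 7."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def upx_indicators(data: bytes) -> dict:
    """Three independent signals behind a 'UPX packed file' verdict. Stock UPX
    names its sections UPX0/UPX1 and leaves a 'UPX!' marker in the header; a
    modified UPX usually strips both, so the entropy of the largest section is
    kept as the fallback signal (7.0 is an assumed threshold)."""
    sections = pe_sections(data)
    names = [name for name, _ in sections]
    entropies = [shannon_entropy(raw) for _, raw in sections]
    return {
        "section_names": names,
        "upx_sections": any(n.upper().startswith("UPX") for n in names),
        "upx_magic": b"UPX!" in data,
        "high_entropy": max(entropies, default=0.0) > 7.0,
    }


def build_fake_pe(sections, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE for self-tests only (headers are valid enough to
    parse, the file is not executable). sections = [(name, raw_bytes), ...]."""
    size_opt = 224
    header_len = 0x40 + 4 + 20 + size_opt + 40 * len(sections)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    table, body, raw_ptr = b"", b"", header_len
    for name, raw in sections:
        table += name.encode().ljust(8, b"\0")
        table += struct.pack("<IIII", len(raw), 0x1000, len(raw), raw_ptr) + b"\0" * 16
        body += raw
        raw_ptr += len(raw)
    return dos + b"PE\0\0" + coff + opt + table + body + trailer


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print(matches_report(blob))
    print(upx_indicators(blob))
```

Run it as `python triage.py <file>`; every report hash should come back `True` before any further analysis is attributed to this sample. Treat `high_entropy` on its own as a hint rather than a verdict: it cannot distinguish a renamed UPX from any other compressor or crypter.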

Malware Config

Targets

    • Target

      0407be250a0f68a02beda6b3fd130e5f46a56ad1bf0a743acd6cf95a8e979465

    • Size

      4.1MB

    • MD5

      83e507f0897db87f19b9fee508d6944b

    • SHA1

      4745237dadf96209b02320f07f001bbf32eadf0a

    • SHA256

      0407be250a0f68a02beda6b3fd130e5f46a56ad1bf0a743acd6cf95a8e979465

    • SHA512

      2a7c84af3970b93198b3ea72f1074eacefc51bd3d93cb450509897493dc04e7beaa930876a504d999a9597aec683e03fa551448a05ec834b5fd9fe09f52d3265

    • SSDEEP

      98304:TMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAk:TBwCmIp7Ci3XwSxbLu0E0yeIUT4k

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide directories and files from detection.

    • Drops file in System32 directory
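Four of the behaviours flagged above (Run key persistence, dropping into System32, executing a dropped EXE, and firewall modification) are visible in endpoint telemetry on a host outside the sandbox. The detection logic below is an added example, not part of the report: it walks simplified Sysmon events (event IDs 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent value set) in time order and emits the report's signature name for each hit. The events in `SAMPLE_EVENTS` are constructed, the paths and SID are placeholders rather than artefacts of this sample, and since the report does not say how the sample changes the firewall, matching both `netsh advfirewall` command lines and writes under the `FirewallPolicy` registry key is an assumption.

```python
"""Behavioural triage over Sysmon-style events (added example, not the report's own code).

Event dicts use simplified Sysmon field names. SAMPLE_EVENTS is constructed; the
file names, SID and rule name are placeholders, not observations from this sample.
"""
import re

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
FIREWALL_KEY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
NETSH_FIREWALL = re.compile(r"\bnetsh(\.exe)?\s+advfirewall\b", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)


def triage(events):
    """Return [(signature_name, event_index), ...] for events in time order.
    'Executes dropped EXE' is a correlation: a ProcessCreate whose image was
    created earlier in the same stream by a FileCreate event."""
    hits = []
    dropped_exes = set()
    for i, ev in enumerate(events):
        eid = ev["event_id"]
        if eid == 11:                       # Sysmon FileCreate
            target = ev["target_filename"]
            if target.lower().endswith(".exe"):
                dropped_exes.add(target.lower())
            if SYSTEM32.search(target):
                hits.append(("Drops file in System32 directory", i))
        elif eid == 13:                     # Sysmon RegistryEvent (value set)
            obj = ev["target_object"]
            if RUN_KEY.search(obj):
                hits.append(("Adds Run key to start application", i))
            elif FIREWALL_KEY.search(obj):  # assumed firewall mechanism
                hits.append(("Modifies Windows Firewall", i))
        elif eid == 1:                      # Sysmon ProcessCreate
            if ev["image"].lower() in dropped_exes:
                hits.append(("Executes dropped EXE", i))
            if NETSH_FIREWALL.search(ev.get("command_line", "")):  # assumed mechanism
                hits.append(("Modifies Windows Firewall", i))
    return hits


def signatures(events):
    """Distinct signature names, sorted, for a quick verdict line."""
    return sorted({sig for sig, _ in triage(events)})


# Constructed sample stream; paths and SID are placeholders.
SAMPLE_EVENTS = [
    {"event_id": 11, "image": r"C:\Users\user\sample.exe",
     "target_filename": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"event_id": 1, "image": r"C:\Users\user\AppData\Local\Temp\stage2.exe",
     "command_line": r'"C:\Users\user\AppData\Local\Temp\stage2.exe"'},
    {"event_id": 13, "image": r"C:\Users\user\AppData\Local\Temp\stage2.exe",
     "target_object": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\stage2"},
    {"event_id": 1, "image": r"C:\Windows\System32\netsh.exe",
     "command_line": 'netsh advfirewall firewall add rule name="stage2" dir=in action=allow '
                     'program="C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"'},
    {"event_id": 11, "image": r"C:\Users\user\AppData\Local\Temp\stage2.exe",
     "target_filename": r"C:\Windows\System32\drivers\placeholder.sys"},
    {"event_id": 13, "image": r"C:\Users\user\AppData\Local\Temp\stage2.exe",
     "target_object": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\stage2"},
    {"event_id": 1, "image": r"C:\Windows\System32\notepad.exe",   # benign, no hit
     "command_line": "notepad.exe"},
]

if __name__ == "__main__":
    for sig, idx in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {sig}")
    print(signatures(SAMPLE_EVENTS))
```

The two remaining signatures in the list are not reachable this way: the Uninstall-key enumeration is a registry read, which Sysmon does not log, and the WinMonFS manipulation is a write to a device object; both need API-level monitoring of the kind the sandbox itself performs.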

MITRE ATT&CK Enterprise v15

Tasks