General

  • Target

    fa7d17b12b39ab0cadef911a0540ec8adad3b89a7f0cdf0217faafcbe7defd02

  • Size

    4.1MB

  • Sample

    240515-lg5wbabc69

  • MD5

    3d9ae9bc8e821c5c0b45632fb2673ef7

  • SHA1

    fe284b82d1cdd6513e404c3afee726a264ea210f

  • SHA256

    fa7d17b12b39ab0cadef911a0540ec8adad3b89a7f0cdf0217faafcbe7defd02

  • SHA512

    2d7bd52eaa5ea4566e42bf0ccfd22619c7d88c93ce03e55b367326362aec2a7d382c058444608fb3431274849ace5602fe803bbc46a4b0dfc25a1213331d7797

  • SSDEEP

    98304:bMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PA2:bBwCmIp7Ci3XwSxbLu0E0yeIUT42

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks