General

  • Target

    43baa12b0d2bcfd208c1edf711534f176257c377e4acdf64556c56bd9d8fb180

  • Size

    4.1MB

  • Sample

    240515-lgc6asbb5y

  • MD5

    45eadb73176189d6c2d53d440c931f44

  • SHA1

    a6b8cc7241d0e1d54fd142028d8964b52c5d4fe4

  • SHA256

    43baa12b0d2bcfd208c1edf711534f176257c377e4acdf64556c56bd9d8fb180

  • SHA512

    7b28640bf03d80fa6eded48ee8977a1b9ca03432952a9ff3ac5e9ee22ddd8eb20196a8d18b8309c578e1261c997051c472cb1d5b5bed7cdd6c1c0559f4d24e1e

  • SSDEEP

    98304:bMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAu:bBwCmIp7Ci3XwSxbLu0E0yeIUT4u

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories and files from detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks