General

  • Target

    485686dce1ebc3cf612d37ffabf3e7f066d5073f386e8245fafa900c38fc2c16

  • Size

    4.1MB

  • Sample

    240515-lhnnesbc2y

  • MD5

    02712ece3af72871e9befeb1576acd4c

  • SHA1

    2b4c4324c07528fc4c25b589c924edeef09bda3e

  • SHA256

    485686dce1ebc3cf612d37ffabf3e7f066d5073f386e8245fafa900c38fc2c16

  • SHA512

    beb5e2e389cfa12486ee46f4daab24d2aa8c5a35782de0263d009ae48d535b8395f4a7eff32cc8c0d1cd9a8b9bf347630f45002ae51e21c5d2165580a87aded8

  • SSDEEP

    98304:LMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAh:LBwCmIp7Ci3XwSxbLu0E0yeIUT4h

Malware Config

Targets

    • Target

      485686dce1ebc3cf612d37ffabf3e7f066d5073f386e8245fafa900c38fc2c16

    • Size

      4.1MB

    • MD5

      02712ece3af72871e9befeb1576acd4c

    • SHA1

      2b4c4324c07528fc4c25b589c924edeef09bda3e

    • SHA256

      485686dce1ebc3cf612d37ffabf3e7f066d5073f386e8245fafa900c38fc2c16

    • SHA512

      beb5e2e389cfa12486ee46f4daab24d2aa8c5a35782de0263d009ae48d535b8395f4a7eff32cc8c0d1cd9a8b9bf347630f45002ae51e21c5d2165580a87aded8

    • SSDEEP

      98304:LMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAh:LBwCmIp7Ci3XwSxbLu0E0yeIUT4h

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide directories and files from detection.

    • Drops file in System32 directory
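The signatures above are of two kinds: a static check on the file itself (UPX section names in the PE section table) and behavioural checks on what the process did (registry writes to the Run key, enumeration of the Uninstall key, firewall changes, file drops, a dropped executable being started). The script below is an added example of how such signatures can be reproduced for triage; it is not the sandbox vendor's code nor anything from Glupteba. The PE image and the API-call trace it runs on are constructed inline, and the one-line "API args" trace format, the paths and the API names are assumptions for the example.

```python
"""Added triage helper: reproduces the report's static (UPX) and behavioural
signatures over constructed input. Not code from the sandbox vendor or from
Glupteba; the trace format, paths and section names below are assumed."""
import re
import struct

# Section names used by stock UPX. Modified UPX builds often rename them, so a
# miss here does not prove the file is unpacked (entropy/import checks follow).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1"}


def pe_section_names(data: bytes) -> list[str]:
    """Walk the PE headers and return the names in the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # IMAGE_SECTION_HEADER[]
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i:table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data: bytes) -> bool:
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_min_pe(section_names: list[bytes]) -> bytes:
    """Constructed, non-runnable PE32 image carrying only the headers the parser reads."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew: right after the DOS header
    opt_size = 0xE0                                       # PE32 optional header size; contents unused
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * opt_size + table


# Behavioural signatures over an API-call trace, one "API args" line per call
# (an assumed format; real sandboxes log richer structured events).
SIGNATURES = {
    "Adds Run key to start application": re.compile(
        r"^RegSetValue\w*\s+HK(?:LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I),
    "Checks installed software on the system": re.compile(
        r"^Reg(?:OpenKey|EnumKey|QueryValue)\w*\s+HKLM\\Software\\(?:WOW6432Node\\)?"
        r"Microsoft\\Windows\\CurrentVersion\\Uninstall\b", re.I),
    "Modifies Windows Firewall": re.compile(
        r"^CreateProcess\w*\s+.*\bnetsh(?:\.exe)?\s+(?:advfirewall|firewall)\b", re.I),
    "Drops file in System32 directory": re.compile(
        r"^(?:CreateFile|CopyFile|MoveFile)\w*\s+C:\\Windows\\System32\\", re.I),
}


def match_signatures(trace: list[str]) -> dict[str, list[str]]:
    """Stateless signatures: each line is judged on its own."""
    hits: dict[str, list[str]] = {}
    for line in trace:
        for name, rx in SIGNATURES.items():
            if rx.search(line):
                hits.setdefault(name, []).append(line)
    return hits


def executes_dropped_exe(trace: list[str]) -> bool:
    """Stateful signature: an .exe written earlier in the trace is started later."""
    dropped: set[str] = set()
    for line in trace:
        m = re.match(r"^(?:CreateFile|CopyFile)\w*\s+(\S+\.exe)$", line, re.I)
        if m:
            dropped.add(m.group(1).lower())
        m = re.match(r"^CreateProcess\w*\s+(\S+\.exe)", line, re.I)
        if m and m.group(1).lower() in dropped:
            return True
    return False


SAMPLE_TRACE = [  # constructed trace for the example, not taken from the sample above
    r"RegOpenKeyExW HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall",
    r"RegEnumKeyExW HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp",
    r"CreateFileW C:\ProgramData\dropper.exe",
    r"CreateProcessW C:\ProgramData\dropper.exe",
    r"CreateFileW C:\Windows\System32\drivers\example.sys",
    r"RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Loader",
    r'CreateProcessW netsh.exe advfirewall firewall add rule name="Loader" dir=in action=allow',
    r"CreateFileW C:\Temp\work.tmp",
]

if __name__ == "__main__":
    packed = build_min_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("UPX sections present:", is_upx_packed(packed))
    for name, lines in match_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {len(lines)} hit(s)")
    print("Executes dropped EXE:", executes_dropped_exe(SAMPLE_TRACE))
```

The split between `match_signatures` and `executes_dropped_exe` is the point worth noticing: most report signatures are single-event pattern matches, but "Executes dropped EXE" needs ordering across events, so it keeps state (the set of written paths) while scanning. The UPX check is deliberately only a section-name heuristic, matching the report's wording; a repacked or renamed-section build will not trip it.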

MITRE ATT&CK Enterprise v15

Tasks