General

  • Target

    0d7c71a540c0ce2354badf951fc77069fb2b3d92d6f95ad2b31eeb6c0932845a

  • Size

    4.1MB

  • Sample

    240515-lhxlbsbc3y

  • MD5

    37e3663864a3bd9c17859297c5c2b7ec

  • SHA1

    1c88225d7ded66fceefa24ddfb5300ea074ab13f

  • SHA256

    0d7c71a540c0ce2354badf951fc77069fb2b3d92d6f95ad2b31eeb6c0932845a

  • SHA512

    862e5246de184d232d7fbb60fcd140f3b9f973b29ca3b7993028b8c7f9c0e3bf4350caa5e4a9b16b892cf55b9753c93d2725abf9541a782eaa76063856d407e3

  • SSDEEP

    98304:bMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PA9:bBwCmIp7Ci3XwSxbLu0E0yeIUT49

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks