General

  • Target

    34d3bee3f8dc2cbac0fade2572165b94a3b24c82352ab396d486f7c2c4d8380d

  • Size

    4.1MB

  • Sample

    240515-lhxw4abc96

  • MD5

    d9de26745881cbb4547af92cae9976be

  • SHA1

    69d0fedfba4dc391975c9faf6c3e8b0dd86d62c9

  • SHA256

    34d3bee3f8dc2cbac0fade2572165b94a3b24c82352ab396d486f7c2c4d8380d

  • SHA512

    38f0c2eef896552a90e01ee2ee6edf0214046452e3cd0ae01a977d25ab8d954e867e2ef359bade399407b3073c37a05f0bb47c17382620064fd39901340d3a2b

  • SSDEEP

    98304:jMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAt:jBwCmIp7Ci3XwSxbLu0E0yeIUT4t

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks