General

  • Target

    9f75cac6bd87113f5ddf2aaa64c8037803486b5c9eefed93c0b20dc0eb32e827

  • Size

    4.1MB

  • Sample

    240515-lmpfhsbe96

  • MD5

    541c4b37f895df8604405f1802c78f96

  • SHA1

    e745d345c873b4baee8a85604a295703721b1f19

  • SHA256

    9f75cac6bd87113f5ddf2aaa64c8037803486b5c9eefed93c0b20dc0eb32e827

  • SHA512

    6ebdc7d8e12625dfadd301ca7a6ae33c3b896a4406622fbc6a9bcea74c18b2f08ac9186b180bfac1c88a23bd35b4069c349903ee6b110674a7474316e3c44a64

  • SSDEEP

    98304:rMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAY:rBwCmIp7Ci3XwSxbLu0E0yeIUT4Y

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15