General

  • Target

    f65fb5836c4ba73977e520a8b8d905067fa8306c334d6332267d07d6b3ea3004

  • Size

    4.1MB

  • Sample

    240515-lpzz2abf2y

  • MD5

    c6cd58e3c82a1b41f48658815adea345

  • SHA1

    729657005e676aeec11d7df8e498a9f931ec7a98

  • SHA256

    f65fb5836c4ba73977e520a8b8d905067fa8306c334d6332267d07d6b3ea3004

  • SHA512

    14edb3681c6903e2fd85e12e116edd9c658e31d931b56c323e48d0efb3cec8677b07836f1cad5587d3c8049cef6410d94c0aedec44675f7ae29d5b5b69eddf19

  • SSDEEP

    98304:bMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAy:bBwCmIp7Ci3XwSxbLu0E0yeIUT4y

Malware Config

Targets

    • Target

      f65fb5836c4ba73977e520a8b8d905067fa8306c334d6332267d07d6b3ea3004

    • Size

      4.1MB

    • MD5

      c6cd58e3c82a1b41f48658815adea345

    • SHA1

      729657005e676aeec11d7df8e498a9f931ec7a98

    • SHA256

      f65fb5836c4ba73977e520a8b8d905067fa8306c334d6332267d07d6b3ea3004

    • SHA512

      14edb3681c6903e2fd85e12e116edd9c658e31d931b56c323e48d0efb3cec8677b07836f1cad5587d3c8049cef6410d94c0aedec44675f7ae29d5b5b69eddf19

    • SSDEEP

      98304:bMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAy:bBwCmIp7Ci3XwSxbLu0E0yeIUT4y

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks