General

  • Target

    456a3ccae6be0ab508fd34590725d4fc36f5f85fa146c766586e658bf507d0c1

  • Size

    4.1MB

  • Sample

    240515-lqsx4sbg67

  • MD5

    5d5b31efd489b6c6a12ba880531ee77b

  • SHA1

    cb730ff7280c72ef4e0e4b64d8fb5a7b18d442e4

  • SHA256

    456a3ccae6be0ab508fd34590725d4fc36f5f85fa146c766586e658bf507d0c1

  • SHA512

    09fe80a7b7cc4701b8d335aaef5596d3175e80b479220f5c44749afc91a764d840d80685507faa8398ffa5ac4a692db9526eab7de2a6bfeeffca21305e9787ca

  • SSDEEP

    98304:LrCNiB8ow0tjGRwMUUAJnC6DPNgwm1X3ykRpk8yR82N65:LrCy8l0I4UGC6Dg3yk88np5

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks