General

  • Target

    00a62c9a513b1b14a4d867312bfb351a353c08e3ae57c7b1039dd14b9a06948e

  • Size

    4.1MB

  • Sample

    240515-lrc82sbg85

  • MD5

    e04c8835ff1a6b41175375877a7d073f

  • SHA1

    8bc2005dd4844ef6decd5b9bbf6559f7bb8a1517

  • SHA256

    00a62c9a513b1b14a4d867312bfb351a353c08e3ae57c7b1039dd14b9a06948e

  • SHA512

    c0bb227323e0b033d9e1005be438feea3444f3fff1cfd8d09205b222fe3eb2dd035df43a0129d91e486f42ce6bf8a8a36e26537633e48f4c173eaae7002a757d

  • SSDEEP

    98304:brCNiB8ow0tjGRwMUUAJnC6DPNgwm1X3ykRpk8yR82N61:brCy8l0I4UGC6Dg3yk88np1

Malware Config

Targets

    • Target

      00a62c9a513b1b14a4d867312bfb351a353c08e3ae57c7b1039dd14b9a06948e

    • Size

      4.1MB

    • MD5

      e04c8835ff1a6b41175375877a7d073f

    • SHA1

      8bc2005dd4844ef6decd5b9bbf6559f7bb8a1517

    • SHA256

      00a62c9a513b1b14a4d867312bfb351a353c08e3ae57c7b1039dd14b9a06948e

    • SHA512

      c0bb227323e0b033d9e1005be438feea3444f3fff1cfd8d09205b222fe3eb2dd035df43a0129d91e486f42ce6bf8a8a36e26537633e48f4c173eaae7002a757d

    • SSDEEP

      98304:brCNiB8ow0tjGRwMUUAJnC6DPNgwm1X3ykRpk8yR82N61:brCy8l0I4UGC6Dg3yk88np1

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks