General

  • Target

    1a775b89994f9aafe33ef2a463d42f0d08b4ad60d1f8a64a69707883b9266297

  • Size

    4.1MB

  • Sample

    240515-lrszhabg3v

  • MD5

    8b0f1fefbbad303d74f1441eaa39c5b8

  • SHA1

    d12612b215593eedfea5581f84f8999efded977d

  • SHA256

    1a775b89994f9aafe33ef2a463d42f0d08b4ad60d1f8a64a69707883b9266297

  • SHA512

    7e9c7b472e72549ae31bfb020f434d5b86904dac30f2636c916c17d6d62eb01b60074bd8b6aa468dc0113c3a3619c9fba76d42ad4014cca3e15adb10371c2064

  • SSDEEP

    98304:TrCNiB8ow0tjGRwMUUAJnC6DPNgwm1X3ykRpk8yR82N6Y:TrCy8l0I4UGC6Dg3yk88npY

Malware Config

Targets

    • Target

      1a775b89994f9aafe33ef2a463d42f0d08b4ad60d1f8a64a69707883b9266297

    • Size

      4.1MB

    • MD5

      8b0f1fefbbad303d74f1441eaa39c5b8

    • SHA1

      d12612b215593eedfea5581f84f8999efded977d

    • SHA256

      1a775b89994f9aafe33ef2a463d42f0d08b4ad60d1f8a64a69707883b9266297

    • SHA512

      7e9c7b472e72549ae31bfb020f434d5b86904dac30f2636c916c17d6d62eb01b60074bd8b6aa468dc0113c3a3619c9fba76d42ad4014cca3e15adb10371c2064

    • SSDEEP

      98304:TrCNiB8ow0tjGRwMUUAJnC6DPNgwm1X3ykRpk8yR82N6Y:TrCy8l0I4UGC6Dg3yk88npY

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
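The behavioural signatures listed above (Run key persistence, Uninstall key enumeration, WinMonFS device access, firewall changes, System32 drops, execution of a dropped EXE) are each a simple pattern over process, file, registry and device events. The script below is an added example, not part of the sandbox report and not the sandbox's own rule engine: it re-implements those six signatures over a small, constructed event log in a simplified Sysmon-like form. The event records, file paths and registry key names are illustrative assumptions; the device name \\.\WinMonFS and the netsh/FirewallPolicy patterns are the assumed indicators for the driver and firewall signatures. The two static signatures (Glupteba payload, UPX packed file) are not behavioural and are not covered here.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One telemetry record: kind is ProcessCreate, FileCreate, RegistryWrite,
    RegistryRead or DeviceOpen; target is the created image, file path,
    registry key or device name the acting process touched."""
    kind: str
    process: str
    target: str
    cmdline: str = ""


# Constructed sample telemetry (not taken from the report); the paths, key
# names and ordering are assumptions chosen to exercise each signature once.
SAMPLE_EVENTS = [
    Event("RegistryRead", r"C:\Users\user\Desktop\sample.exe",
          r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"),
    Event("FileCreate", r"C:\Users\user\Desktop\sample.exe",
          r"C:\Windows\System32\drivers\example.sys"),
    Event("FileCreate", r"C:\Users\user\Desktop\sample.exe",
          r"C:\Users\user\AppData\Local\Temp\dropped.exe"),
    Event("ProcessCreate", r"C:\Users\user\Desktop\sample.exe",
          r"C:\Users\user\AppData\Local\Temp\dropped.exe",
          cmdline=r'"C:\Users\user\AppData\Local\Temp\dropped.exe"'),
    Event("RegistryWrite", r"C:\Users\user\AppData\Local\Temp\dropped.exe",
          r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dropped"),
    Event("ProcessCreate", r"C:\Users\user\AppData\Local\Temp\dropped.exe",
          r"C:\Windows\System32\netsh.exe",
          cmdline=r'netsh advfirewall firewall add rule name="dropped" dir=in '
                  r'action=allow program="C:\Users\user\AppData\Local\Temp\dropped.exe"'),
    Event("DeviceOpen", r"C:\Users\user\AppData\Local\Temp\dropped.exe",
          r"\\.\WinMonFS"),
]

# Indicators for each behavioural signature (assumed, see lead-in).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
FIREWALL_KEY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
SYSTEM32_PATH = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
WINMONFS_DEVICE = re.compile(r"^\\\\\.\\WinMonFS$", re.I)   # literal \\.\WinMonFS
NETSH_FIREWALL = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.I)


def match_signatures(events):
    """Return the sorted names of report signatures triggered by the events.

    'Executes dropped EXE' is stateful: the image must have been created by an
    earlier FileCreate in the same trace, otherwise running a pre-existing
    binary would be mis-flagged.
    """
    hits = set()
    dropped = set()  # lower-cased paths of files created so far in the trace
    for ev in events:
        target_lc = ev.target.lower()
        if ev.kind == "FileCreate":
            dropped.add(target_lc)
            if SYSTEM32_PATH.search(ev.target):
                hits.add("Drops file in System32 directory")
        elif ev.kind == "ProcessCreate":
            if target_lc in dropped:
                hits.add("Executes dropped EXE")
            if NETSH_FIREWALL.search(ev.cmdline):
                hits.add("Modifies Windows Firewall")
        elif ev.kind == "RegistryWrite":
            if RUN_KEY.search(ev.target):
                hits.add("Adds Run key to start application")
            if FIREWALL_KEY.search(ev.target):
                hits.add("Modifies Windows Firewall")
        elif ev.kind == "RegistryRead":
            if UNINSTALL_KEY.search(ev.target):
                hits.add("Checks installed software on the system")
        elif ev.kind == "DeviceOpen":
            if WINMONFS_DEVICE.search(ev.target):
                hits.add("Manipulates WinMonFS driver")
    return sorted(hits)


if __name__ == "__main__":
    for name in match_signatures(SAMPLE_EVENTS):
        print(name)
```

The ordering check in match_signatures is the part worth keeping when porting this to real telemetry: a ProcessCreate that precedes the FileCreate for the same path is not a dropped-EXE execution, and the same applies to any rule that reasons about a file the sample wrote.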

MITRE ATT&CK Enterprise v15

Tasks