General

  • Target

    f2bef0c616f4ab4af318f6662def965335005c15e2d7849d7f5cf4cf7e9f67d9

  • Size

    4.1MB

  • Sample

    240515-lsb3dabh53

  • MD5

    65f72e53aa6bfaa4175fc907b9b362a1

  • SHA1

    b1472e768a0b65f65e649e7f9267195183c7b8c6

  • SHA256

    f2bef0c616f4ab4af318f6662def965335005c15e2d7849d7f5cf4cf7e9f67d9

  • SHA512

    c73c93c0a907435b39aca11afd51dcee7c941540d2c1f62642727b23957aaaa3ba2c665b55e55bce6e26dd458911377f71eaf64fad7a96f8a090f08d6b35a8aa

  • SSDEEP

    98304:LrCNiB8ow0tjGRwMUUAJnC6DPNgwm1X3ykRpk8yR82N6c:LrCy8l0I4UGC6Dg3yk88npc

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks