General

  • Target

    e1d675104772847480a0fe35ea208c6ba3299a2d2d02ac67a0330e64250a6dda

  • Size

    4.1MB

  • Sample

    240515-pr6r5shf2x

  • MD5

    fe9d29f1cb773ae9cdb187ca6055a693

  • SHA1

    b8dc01d77679b05e2a14e7c98c0a75246a8d6a15

  • SHA256

    e1d675104772847480a0fe35ea208c6ba3299a2d2d02ac67a0330e64250a6dda

  • SHA512

    0fb5a3b008849cc175cd4d865519aeb75853204ef504bc8afd42e2520bb92caaebbdbea122520f495282297a1bd93135b9de34ff700c73eac3135f1a11c28395

  • SSDEEP

    98304:f1qSSz4+iErkw10pvrAflwj7ybev/Ga3LhpJpF+cKwal:fsSSLiykDAqj7OID3L1C5l

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks