General

  • Target

    ec05242db57bc5ccf351962222b4cfbdb43e3bd14a53d47534dc4a932f017d6f

  • Size

    4.1MB

  • Sample

    240515-pvbfeahg31

  • MD5

    768b03574747b8e8231be75753f694af

  • SHA1

    4754d9aeaae0a143c37119425fafbf15b7c57349

  • SHA256

    ec05242db57bc5ccf351962222b4cfbdb43e3bd14a53d47534dc4a932f017d6f

  • SHA512

    64d072c86e59a9bf275dbf62561a640332c205b639272569b0cac0b205236f6106c558078fbf9d91947173da9310352aa4a23daa78a4d56c58a0c444b1fa2b8a

  • SSDEEP

    98304:X1qSSz4+iErkw10pvrAflwj7ybev/Ga3LhpJpF+cKwaK:XsSSLiykDAqj7OID3L1C5K

Malware Config

Targets

    • Target

      ec05242db57bc5ccf351962222b4cfbdb43e3bd14a53d47534dc4a932f017d6f

    • Size

      4.1MB

    • MD5

      768b03574747b8e8231be75753f694af

    • SHA1

      4754d9aeaae0a143c37119425fafbf15b7c57349

    • SHA256

      ec05242db57bc5ccf351962222b4cfbdb43e3bd14a53d47534dc4a932f017d6f

    • SHA512

      64d072c86e59a9bf275dbf62561a640332c205b639272569b0cac0b205236f6106c558078fbf9d91947173da9310352aa4a23daa78a4d56c58a0c444b1fa2b8a

    • SSDEEP

      98304:X1qSSz4+iErkw10pvrAflwj7ybev/Ga3LhpJpF+cKwaK:XsSSLiykDAqj7OID3L1C5K

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks