General

  • Target

    9e2c41b4085b3d9ea794d66d70d4d2b2b04ec54a84faf780f0ec46310fdfe91f

  • Size

    4.1MB

  • Sample

    240516-plgk3acc7v

  • MD5

    d9703596088492d4d7d23e7464ca6d24

  • SHA1

    cec8363e3f4b69f6ba9fd304fb5f951fc9547d76

  • SHA256

    9e2c41b4085b3d9ea794d66d70d4d2b2b04ec54a84faf780f0ec46310fdfe91f

  • SHA512

    af7ba3881c4fa8c7dd173f77f6ccf92d35ecea98c0dfdc2662031e103589ea6095fb26fff2e646760557ded6b38edf7794cc65692329bc61184d65aa49c00740

  • SSDEEP

    98304:N/lx2VB4FLDQS1OmkYbRsTncIxTvyO2P5x7YbDUU8G:dlgkYS1OmbburVLyO2P5x7Yb4Q

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks