General

  • Target

    aeee6c8b711783647d26fc58daeef0a3927e0dc611bf14300ed75ca16f772f90

  • Size

    4.1MB

  • Sample

    240516-pllvsacc8s

  • MD5

    7265cf8743bdb57794cac01203b98da7

  • SHA1

    65f2853ec106f7864a2307b2628c9637ad1a8b94

  • SHA256

    aeee6c8b711783647d26fc58daeef0a3927e0dc611bf14300ed75ca16f772f90

  • SHA512

    a030f4eca8f2054bf3a8b2040f41f22f539342aab0d1128808e81196fe1b02ee7d5c0b4af460782bc251a2390988e582ee4067b0abb3a1c98146ea8af39093ce

  • SSDEEP

    98304:l/lx2VB4FLDQS1OmkYbRsTncIxTvyO2P5x7YbDUU85:VlgkYS1OmbburVLyO2P5x7Yb4D

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks