General

  • Target

    ad608350e2b487b24f3ab094e260f17a9daf891a96a101008eae06f53e5ed423

  • Size

    4.1MB

  • Sample

    240516-pm2bvsda52

  • MD5

    cb014422e9eb65da730cb74daf6cc8a1

  • SHA1

    ebbe22918b85961254d38ba4f9948e78a47ee2c3

  • SHA256

    ad608350e2b487b24f3ab094e260f17a9daf891a96a101008eae06f53e5ed423

  • SHA512

    e8bfaf38f3f28452ff1be6b087e4b34a67fb93ec7ec8e85291f06b7699dc96cdde2d137b0dc21ee9b42538c08121910816e77388ea0c4eb38a7a4d31b7537480

  • SSDEEP

    98304:N/lx2VB4FLDQS1OmkYbRsTncIxTvyO2P5x7YbDUU84:dlgkYS1OmbburVLyO2P5x7Yb4q

Malware Config

Targets

    • Target

      ad608350e2b487b24f3ab094e260f17a9daf891a96a101008eae06f53e5ed423

    • Size

      4.1MB

    • MD5

      cb014422e9eb65da730cb74daf6cc8a1

    • SHA1

      ebbe22918b85961254d38ba4f9948e78a47ee2c3

    • SHA256

      ad608350e2b487b24f3ab094e260f17a9daf891a96a101008eae06f53e5ed423

    • SHA512

      e8bfaf38f3f28452ff1be6b087e4b34a67fb93ec7ec8e85291f06b7699dc96cdde2d137b0dc21ee9b42538c08121910816e77388ea0c4eb38a7a4d31b7537480

    • SSDEEP

      98304:N/lx2VB4FLDQS1OmkYbRsTncIxTvyO2P5x7YbDUU84:dlgkYS1OmbburVLyO2P5x7Yb4q

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide directories and files from detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks