General

  • Target

    4b9ee2adec3bdb59f051da6bc8ec8232d4fa833f5ca96e41de94901f1cc2a059

  • Size

    4.1MB

  • Sample

    240516-pmxzfada44

  • MD5

    6374c18960173668ad74b04118d131bf

  • SHA1

    1bb62bece88a95625c8360c2ec76ffc64f87f2a1

  • SHA256

    4b9ee2adec3bdb59f051da6bc8ec8232d4fa833f5ca96e41de94901f1cc2a059

  • SHA512

    a75de4c197839e5a1b1ae97da53d28d9e3833e5f6f69a153c192d61d2db53d008dca633433f0217a379633b5c4a5fdb46a08ad17b0fff818e3e09d741565e95a

  • SSDEEP

    98304:N/lx2VB4FLDQS1OmkYbRsTncIxTvyO2P5x7YbDUU8i:dlgkYS1OmbburVLyO2P5x7Yb4I

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories and files from detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks