General

  • Target

    869086676503ef842045aa014b52cc86549e5629781839500a5da88c36ad7201

  • Size

    4.1MB

  • Sample

    240516-pv2mlach7z

  • MD5

    e4829369d712c9f3ea9e47bbafdab7d8

  • SHA1

    af1a5f98bf6a9e9c41c409019432357ad07641e3

  • SHA256

    869086676503ef842045aa014b52cc86549e5629781839500a5da88c36ad7201

  • SHA512

    fc80bb17cd7c8f0def79d7481a60e2ff40b4f3372c50cde0a16ed4c4b4140fa4c374f9d3d309ce1abb809d2414a58deecf27b63eb21e415ae0801d51b8694e56

  • SSDEEP

    98304:cl9GTbLtL99uWlQGfUFGGhNMfnjCzwWu2csDCx3z+ty:hT3oWlQMUAMlWxj+ty

Malware Config

Targets

    • Target

      869086676503ef842045aa014b52cc86549e5629781839500a5da88c36ad7201

    • Size

      4.1MB

    • MD5

      e4829369d712c9f3ea9e47bbafdab7d8

    • SHA1

      af1a5f98bf6a9e9c41c409019432357ad07641e3

    • SHA256

      869086676503ef842045aa014b52cc86549e5629781839500a5da88c36ad7201

    • SHA512

      fc80bb17cd7c8f0def79d7481a60e2ff40b4f3372c50cde0a16ed4c4b4140fa4c374f9d3d309ce1abb809d2414a58deecf27b63eb21e415ae0801d51b8694e56

    • SSDEEP

      98304:cl9GTbLtL99uWlQGfUFGGhNMfnjCzwWu2csDCx3z+ty:hT3oWlQMUAMlWxj+ty

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks