General

  • Target

    95d1a8a93f18e1da9b7dc25215409c2c7244cef17a9c7ab5c7bfa5c4cb7611c1

  • Size

    4.1MB

  • Sample

    240516-pv5z1sde43

  • MD5

    f3f1ea24c7557fd69b44b32d848b7aa6

  • SHA1

    f18c7bcbb3231c8147bb799f2e8d1b46bcf30acb

  • SHA256

    95d1a8a93f18e1da9b7dc25215409c2c7244cef17a9c7ab5c7bfa5c4cb7611c1

  • SHA512

    7b32346d7bb6fe4465b611e3b615a9a9061d767c4fe67136f988902f0a8e6d694a0d5e2459719387345f8704ac39b6807ae7e58921011c9add028633bc23a710

  • SSDEEP

    98304:kl9GTbLtL99uWlQGfUFGGhNMfnjCzwWu2csDCx3z+tX:JT3oWlQMUAMlWxj+tX

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks