General

  • Target

    efc73c9797822a16ff47d51a398a0dad583fe49e7326ee54c5af199032bed47e

  • Size

    4.1MB

  • Sample

    240516-py2rrsdb61

  • MD5

    4c3e68699d947fc838d86fb65ae61c62

  • SHA1

    9ebfa2b4b2d50e2fd2844edaf55b665fd8734de0

  • SHA256

    efc73c9797822a16ff47d51a398a0dad583fe49e7326ee54c5af199032bed47e

  • SHA512

    4bef7f426df1b8b4895cee594594049f158772cb11834786cbfe623db0a0201f83a972c620931f5b7e8dd57e80b7813eee2ffea51071dc27b7164d6b800cd133

  • SSDEEP

    98304:cl9GTbLtL99uWlQGfUFGGhNMfnjCzwWu2csDCx3z+tJ:hT3oWlQMUAMlWxj+tJ

Malware Config

Targets

    • Target

      efc73c9797822a16ff47d51a398a0dad583fe49e7326ee54c5af199032bed47e

    • Size

      4.1MB

    • MD5

      4c3e68699d947fc838d86fb65ae61c62

    • SHA1

      9ebfa2b4b2d50e2fd2844edaf55b665fd8734de0

    • SHA256

      efc73c9797822a16ff47d51a398a0dad583fe49e7326ee54c5af199032bed47e

    • SHA512

      4bef7f426df1b8b4895cee594594049f158772cb11834786cbfe623db0a0201f83a972c620931f5b7e8dd57e80b7813eee2ffea51071dc27b7164d6b800cd133

    • SSDEEP

      98304:cl9GTbLtL99uWlQGfUFGGhNMfnjCzwWu2csDCx3z+tJ:hT3oWlQMUAMlWxj+tJ

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks