General

  • Target

    144558d5e915551a1bd14713996ed14984fe65732fd8e37ba3c00d0f08fb3b9e

  • Size

    4.1MB

  • Sample

    240517-pqxg3she86

  • MD5

    ff1a81647dfec11f37a856274b536c4d

  • SHA1

    fabeb30f26c227ca4ca854ff4fdf420a5fb1576f

  • SHA256

    144558d5e915551a1bd14713996ed14984fe65732fd8e37ba3c00d0f08fb3b9e

  • SHA512

    ec400c8e41f93639069202a83694a549f7b0e40a494d002d2ec4fc6e1d8e5ef0bf8fb4a4d19b1b478942b4f208eac0c8525c3493ae87ce2758189ec2cd1eea77

  • SSDEEP

    98304:Md7tSzSG1TEQyj2soCVZzfOSLUhtCaFAX/iUIATxmmpvA2aCdQuFREnErr:ORMSLQaVNfPUP9FaqUIATxXaCdFFREne

Malware Config

Targets

    • Target

      144558d5e915551a1bd14713996ed14984fe65732fd8e37ba3c00d0f08fb3b9e

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks