General

  • Target

    486862584473fd580b54aa0766f037e0894844794f4aaacbdee23ae1010bb1df

  • Size

    4.1MB

  • Sample

    240517-px2qdahh59

  • MD5

    5ca416e9d1b7f5ea5539e30918f434c0

  • SHA1

    71ebc565916f8310aaeec1496795b98b5bdb5ea0

  • SHA256

    486862584473fd580b54aa0766f037e0894844794f4aaacbdee23ae1010bb1df

  • SHA512

    9dad01215a25905ef3cdf97266866784d251271aa618f37ee45a9e38ff4e2dac40bb0c16c119142f243561c0cfec7b1aef6ea090cb5f1529a0f3d9c7aea9f5da

  • SSDEEP

    98304:XBVs1p4PpCxl89qkqVHLjfQjDTn2r+NbO:Ra1p4P0l8MfVLMTrO

Malware Config

Targets

    • Target

      486862584473fd580b54aa0766f037e0894844794f4aaacbdee23ae1010bb1df

    • Size

      4.1MB

    • MD5

      5ca416e9d1b7f5ea5539e30918f434c0

    • SHA1

      71ebc565916f8310aaeec1496795b98b5bdb5ea0

    • SHA256

      486862584473fd580b54aa0766f037e0894844794f4aaacbdee23ae1010bb1df

    • SHA512

      9dad01215a25905ef3cdf97266866784d251271aa618f37ee45a9e38ff4e2dac40bb0c16c119142f243561c0cfec7b1aef6ea090cb5f1529a0f3d9c7aea9f5da

    • SSDEEP

      98304:XBVs1p4PpCxl89qkqVHLjfQjDTn2r+NbO:Ra1p4P0l8MfVLMTrO

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks