General

  • Target

    398d650cd4f7878dc8047c63f087a03c77b9f707cef82de3709034f28abe195d

  • Size

    4.1MB

  • Sample

    240517-pygftshh78

  • MD5

    aefcacbf3e26a8e93310536c1f43d77e

  • SHA1

    62ca2c7e12b719be3bfd57a3c2a7222bb4b11888

  • SHA256

    398d650cd4f7878dc8047c63f087a03c77b9f707cef82de3709034f28abe195d

  • SHA512

    5360d3fef105e4c4a0d3baf30d4609311695674d3e923b043b5f418ff401a0fec75bd34b2229f00831741da0e0ec2a4836c4c967f059bbbc844830056d5aaa16

  • SSDEEP

    98304:fBVs1p4PpCxl89qkqVHLjfQjDTn2r+NbY:pa1p4P0l8MfVLMTrY

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks