General

  • Target

    4151acbbe2117bb78736d61356731fcb573bcbfcb3d6b98930937c15955bf36e

  • Size

    4.1MB

  • Sample

    240517-pzryyshg3z

  • MD5

    a715231264f90045fe7b685a52b4f236

  • SHA1

    c7d81b49da13e5d1b3e1cac72469e43b4bd44618

  • SHA256

    4151acbbe2117bb78736d61356731fcb573bcbfcb3d6b98930937c15955bf36e

  • SHA512

    9326df9e0b7c040fbb58aa0a45d1db927fe1fc107c6ec290b8dba52f36dd8a7d51242afbfcae88d49d4a12a802295c43e608168ea7c8ff367ef0dd7662c95226

  • SSDEEP

    98304:PBVs1p4PpCxl89qkqVHLjfQjDTn2r+NbC:5a1p4P0l8MfVLMTrC

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks