General

  • Target

    4c71ce019072db6763adc78098d30159743f6dd1a2672b4f743392352acde788

  • Size

    4.1MB

  • Sample

    240519-1m4yjabf4z

  • MD5

    452b6c70c86f7ad78c84af5407d4c769

  • SHA1

    240f462eb3e7d06dfc3b7aef55684e3c48f47c65

  • SHA256

    4c71ce019072db6763adc78098d30159743f6dd1a2672b4f743392352acde788

  • SHA512

    7ac958df103493e28ed1411de2259b658ee07ece24ee3ddf0c754570a4d4d0466aeb2b92bfcb15180efe4a91d03ce8d4a85dfb1b367618eda1e10e6f9a43c25a

  • SSDEEP

    98304:UX33DbWGkLHuFK+TwQmBC6reQ4TTNXYvI8KgvjrB0r/:UXPWAwQyCdJYw8Kgg/

Malware Config

Targets

    • Target

      4c71ce019072db6763adc78098d30159743f6dd1a2672b4f743392352acde788

    • Size

      4.1MB

    • MD5

      452b6c70c86f7ad78c84af5407d4c769

    • SHA1

      240f462eb3e7d06dfc3b7aef55684e3c48f47c65

    • SHA256

      4c71ce019072db6763adc78098d30159743f6dd1a2672b4f743392352acde788

    • SHA512

      7ac958df103493e28ed1411de2259b658ee07ece24ee3ddf0c754570a4d4d0466aeb2b92bfcb15180efe4a91d03ce8d4a85dfb1b367618eda1e10e6f9a43c25a

    • SSDEEP

      98304:UX33DbWGkLHuFK+TwQmBC6reQ4TTNXYvI8KgvjrB0r/:UXPWAwQyCdJYw8Kgg/

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks