General

  • Target

    7640696d6b9a8807a652fad945bd5b588616181a36e43b93b395a0d8891a400f

  • Size

    4.1MB

  • Sample

    240519-gaaz5scf8z

  • MD5

    3d70432869499e553ea822724dc78518

  • SHA1

    7bd9bdafa74e935bc2cbc9382820db155ccfd321

  • SHA256

    7640696d6b9a8807a652fad945bd5b588616181a36e43b93b395a0d8891a400f

  • SHA512

    1d3dab0c98bac1193346d2ccffb97275fdf31672fe00bd825ae9fd75c1cc347076032c820149ff97e4cafe4b323afa5c2e20ce3033b0ecb2b90450e8c845bada

  • SSDEEP

    98304:cWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+YM:cW16ulMesXlnBp/sjruCqmtIOvaz
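Before working from a report like this one, confirm that the file you hold is the file the report describes, and check the first static indicator the report lists ("UPX packed file" under Targets). The script below is an added example, not code from the sandbox or from the page; it verifies a buffer against the MD5/SHA1/SHA256/SHA512 values given above and walks the PE section table by hand to look for UPX-style section names. The PE walker and the stub image builder are hypothetical helpers written for this example, and `build_stub_pe` produces a constructed headers-only image so the check can run offline without the sample.

```python
import hashlib
import struct

# Digests copied from the report above.
REPORTED = {
    "md5": "3d70432869499e553ea822724dc78518",
    "sha1": "7bd9bdafa74e935bc2cbc9382820db155ccfd321",
    "sha256": "7640696d6b9a8807a652fad945bd5b588616181a36e43b93b395a0d8891a400f",
    "sha512": "1d3dab0c98bac1193346d2ccffb97275fdf31672fe00bd825ae9fd75c1cc3470"
              "76032c820149ff97e4cafe4b323afa5c2e20ce3033b0ecb2b90450e8c845bada",
}

# Section names stock UPX writes; a modified packer may rename them (see note).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def digests(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def matches_report(data: bytes, expected: dict = REPORTED) -> dict:
    """Compare each computed digest with the reported one; {algo: bool}."""
    got = digests(data)
    return {algo: got[algo] == value for algo, value in expected.items()}


def pe_section_names(data: bytes) -> list:
    """Minimal PE header walk (hypothetical helper): return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts here
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section table follows optional header
    names = []
    for i in range(nsections):
        off = table + 40 * i                 # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Name-based UPX heuristic; cheap, but defeated by renamed sections."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_stub_pe(section_names) -> bytes:
    """Constructed headers-only PE32 image used as offline test input."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional = b"\0" * 0xE0                  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       len(optional), 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    stub = build_stub_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("section names:", pe_section_names(stub))
    print("UPX-style names present:", looks_upx_packed(stub))
    print("stub matches report hashes:", matches_report(stub))
```

The section-name test is only a first pass: the report's own wording ("UPX/modified UPX") covers packers that rename sections, so a negative result does not mean the binary is unpacked; pair it with an entropy check or simply try `upx -d` in the sandbox.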

Targets

    • Target

      7640696d6b9a8807a652fad945bd5b588616181a36e43b93b395a0d8891a400f

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15