General

  • Target

    d7f964cfd25a379e65efe8354ff96bea7c313189c90661a1f5aaed6795e64184

  • Size

    4.1MB

  • Sample

    240519-gac5hacf9t

  • MD5

    ba7e41c248ff54f89b1b633f5674460e

  • SHA1

    82da9cb6853bde05962905babe7aeeb3d7d640d3

  • SHA256

    d7f964cfd25a379e65efe8354ff96bea7c313189c90661a1f5aaed6795e64184

  • SHA512

    f83c1c0c7859a340de9be6cc2ec06063c8250c0f4c1d7b120f8c1c08ac6e50ed72be013a39097216f435ec79c40016f520891f205011ef139ee7eaf04193931b

  • SSDEEP

    98304:kWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+Yi:kW16ulMesXlnBp/sjruCqmtIOva1

Malware Config

Targets

    • Target

      d7f964cfd25a379e65efe8354ff96bea7c313189c90661a1f5aaed6795e64184

    • Size

      4.1MB

    • MD5

      ba7e41c248ff54f89b1b633f5674460e

    • SHA1

      82da9cb6853bde05962905babe7aeeb3d7d640d3

    • SHA256

      d7f964cfd25a379e65efe8354ff96bea7c313189c90661a1f5aaed6795e64184

    • SHA512

      f83c1c0c7859a340de9be6cc2ec06063c8250c0f4c1d7b120f8c1c08ac6e50ed72be013a39097216f435ec79c40016f520891f205011ef139ee7eaf04193931b

    • SSDEEP

      98304:kWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+Yi:kW16ulMesXlnBp/sjruCqmtIOva1

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks