General

  • Target

    21a8fa129fcd394da0536b1bebb15c7dc9c2033e002ebda7e4267339466d815d

  • Size

    4.1MB

  • Sample

    240519-gaey4acf9x

  • MD5

    f560113dabdc26f0534175cd1b3f8e42

  • SHA1

    33b90d6ddef508838c9496f38cf9c87edcc9d227

  • SHA256

    21a8fa129fcd394da0536b1bebb15c7dc9c2033e002ebda7e4267339466d815d

  • SHA512

    4c69ce696017a848d1d3410af5b00bb8e0ec06d2b261db6b3ae51bdcb662ceab88fff87306a2e7e428e6dd024ebc4b8d4d79a7d963e50544507649105df60723

  • SSDEEP

    98304:8WlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+Y9:8W16ulMesXlnBp/sjruCqmtIOvam

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks