General

  • Target

    eadaf06f336a1fe051afe15031fdfd8923b19b558a1c2b701dff190ccc255a6c

  • Size

    4.1MB

  • Sample

    240519-gazy9scg31

  • MD5

    aeb995e04f04a11e9449d3d1625f118a

  • SHA1

    e53c0e6554de5b0c58e7ca41b6625f02d04aad8c

  • SHA256

    eadaf06f336a1fe051afe15031fdfd8923b19b558a1c2b701dff190ccc255a6c

  • SHA512

    bb710f07853584866d3773cd7a31780e009bc0bc794da060858ad8675909fa03f53f84db727cfcde84ac23874ae609d082931dc9e5fcafb47b905c9935f9d614

  • SSDEEP

    98304:cWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+Yv:cW16ulMesXlnBp/sjruCqmtIOva8

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks