General

  • Target

    50a293e4e7599db16d9d573d3a4f34a48422f4f8517cba105b0b0f90d1eba37e

  • Size

    4.1MB

  • Sample

    240519-rc8pasba96

  • MD5

    e58d1153bc8172c3df9e53d601aecbaf

  • SHA1

    eb36698471b8f27a30f112b4d813d9d7140b9a70

  • SHA256

    50a293e4e7599db16d9d573d3a4f34a48422f4f8517cba105b0b0f90d1eba37e

  • SHA512

    7eae257b03e4957930c2a318b19717f713e079432a5d30d83438d6386e90dca41973031128f7b324e8c00eacf68df23746ff5476a16c8876823c4d521f39e9f7

  • SSDEEP

    98304:IuOdAWE/bfbxbxBimum48oJjLrUZhWcgWy75MTps2CObMUZCzBSS:IuOpIddBi3V8Ojm7gWylM939C3

Targets

    • Target

      50a293e4e7599db16d9d573d3a4f34a48422f4f8517cba105b0b0f90d1eba37e

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide directories and files from detection.

    • Drops file in System32 directory
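
The UPX signature above is a static check on the PE section table. As an added example, not code from this report or from the sandbox's own detection logic, the Python below parses a PE's section headers, flags the stock UPX section names, falls back to the layout-and-entropy heuristic that a renamed ("modified UPX") build still leaves behind, and computes the digest set this report lists per target (ssdeep omitted, it needs a native library). The PE images are constructed inside the block, not bytes from the 4.1MB target, and the 7.0 bits/byte entropy threshold is an assumption.

```python
import hashlib
import math
import random
import struct

# Section names written by stock UPX; a modified build may rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}
ENTROPY_THRESHOLD = 7.0  # assumption: compressed data sits near 8 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, close to 8.0 for compressed/encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table (PE/COFF spec offsets)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": shannon_entropy(raw)})
    return sections


def detect_upx(pe: bytes) -> dict:
    secs = parse_sections(pe)
    named = [s["name"] for s in secs if s["name"] in UPX_SECTION_NAMES]
    if named:
        return {"packed": True, "reason": "UPX section names: " + ", ".join(named)}
    # A renamed build keeps UPX's layout: an empty first section that reserves the
    # unpacked image, then a high-entropy section carrying the compressed payload.
    if (len(secs) >= 2 and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0
            and secs[1]["entropy"] > ENTROPY_THRESHOLD):
        return {"packed": True,
                "reason": "UPX-like layout, section 1 entropy %.2f" % secs[1]["entropy"]}
    return {"packed": False, "reason": "no UPX indicators"}


def hash_report(pe: bytes) -> dict:
    """The digests a sandbox report lists per target (ssdeep needs a native library)."""
    return {"size": len(pe),
            "md5": hashlib.md5(pe).hexdigest(),
            "sha1": hashlib.sha1(pe).hexdigest(),
            "sha256": hashlib.sha256(pe).hexdigest(),
            "sha512": hashlib.sha512(pe).hexdigest()}


def build_pe(sections) -> bytes:
    """Constructed minimal PE for testing, not a real binary: DOS stub, PE signature,
    COFF header (no optional header) and a section table; sections = [(name, virtual_size, raw)]."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    headers_len = e_lfanew + 4 + len(coff) + 40 * len(sections)
    raw_base = (headers_len + 0x1FF) & ~0x1FF  # file alignment 512
    table, body, vaddr = b"", b"", 0x1000
    for name, vsize, raw in sections:
        ptr = raw_base + len(body) if raw else 0
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        vaddr += max(vsize, 0x1000)
    head = dos + b"PE\0\0" + coff + table
    return head + b"\0" * (raw_base - len(head)) + body


# Constructed inputs: a pseudo-random blob stands in for a compressed UPX1 payload.
_rng = random.Random(7)
_COMPRESSED = bytes(_rng.getrandbits(8) for _ in range(4096))
PACKED_SAMPLE = build_pe([("UPX0", 0x20000, b""), ("UPX1", 0x1000, _COMPRESSED), (".rsrc", 0x200, b"\0" * 64)])
RENAMED_SAMPLE = build_pe([(".text", 0x20000, b""), (".data", 0x1000, _COMPRESSED), (".rsrc", 0x200, b"\0" * 64)])
PLAIN_SAMPLE = build_pe([(".text", 0x1000, b"\x55\x8b\xec" + b"\x90" * 509), (".data", 0x200, b"config=1\0" * 32)])

if __name__ == "__main__":
    for label, pe in (("stock UPX", PACKED_SAMPLE), ("renamed UPX", RENAMED_SAMPLE), ("unpacked", PLAIN_SAMPLE)):
        print(label, detect_upx(pe), hash_report(pe)["sha256"])
```

The name check is what most UPX signatures reduce to; the layout check is the part that survives a packer whose section names were scrubbed, which is why the report's signature mentions modified UPX. On a real file, read it with `open(path, "rb").read()` and pass the bytes to `detect_upx` and `hash_report`.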

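
The Run-key, installed-software and WinMonFS signatures above are all registry observations. As an added example, not code from this report or from the sandbox, the Python below parses a Windows .reg export and pulls out the same three things: Run values that point outside trusted install roots, the DisplayName inventory under the Uninstall key (what the sample reads when it enumerates software), and a WinMonFS service registration. The export text is constructed for the example, the trusted-root list is an assumption, and the Services\WinMonFS key with its ImagePath is assumed for illustration; the report only states that the sample writes to the driver.

```python
import re

# Constructed .reg export for the example; none of this is data from the sample.
# The Services\WinMonFS key and its ImagePath are an assumption about how the
# driver would be registered on the host.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"WindowsUpdater"="C:\\Users\\Public\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
"DisplayName"="7-Zip 23.01 (x64)"
"DisplayVersion"="23.01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="Example App 1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinMonFS]
"ImagePath"="\\??\\C:\\Windows\\System32\\drivers\\WinMonFS.sys"
"Type"=dword:00000002
"Start"=dword:00000001
'''

_KEY_LINE = re.compile(r"^\[(.+)\]$")
_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

RUN_KEYS = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
            r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run")
WINMONFS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinMonFS"
# Assumption: autostart entries under these roots are treated as expected.
TRUSTED_ROOTS = ("%windir%", "%programfiles%", "c:\\windows\\", "c:\\program files")


def _unescape(s: str) -> str:
    """.reg strings escape backslash and double quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: value}}; REG_SZ as str, REG_DWORD as int, other types as written."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY_LINE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = _VALUE_LINE.match(line)
        if m and current is not None:
            name, raw = _unescape(m.group(1)), m.group(2)
            if raw.startswith('"') and raw.endswith('"'):
                current[name] = _unescape(raw[1:-1])
            elif raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            else:
                current[name] = raw
    return keys


def triage(keys: dict) -> dict:
    findings = {"suspicious_run": [], "installed_software": [], "winmonfs_image": None}
    for run_key in RUN_KEYS:                      # "Adds Run key to start application"
        for name, command in keys.get(run_key, {}).items():
            if not command.strip('"').lower().startswith(TRUSTED_ROOTS):
                findings["suspicious_run"].append((name, command))
    for path, values in keys.items():             # "Checks installed software": the inventory
        if "\\CurrentVersion\\Uninstall\\" in path and "DisplayName" in values:
            findings["installed_software"].append(values["DisplayName"])
    service = keys.get(WINMONFS_KEY)              # "Manipulates WinMonFS driver": is it registered?
    if service:
        findings["winmonfs_image"] = service.get("ImagePath")
    return findings


def run_triage(text: str = REG_EXPORT) -> dict:
    return triage(parse_reg_export(text))


if __name__ == "__main__":
    for finding, detail in run_triage().items():
        print(finding, detail)
```

On a live host the same data comes from `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run run.reg` and the equivalent exports of the other two keys; concatenate them and pass the text to `run_triage`. The Uninstall inventory is not itself a finding, it is listed because it is exactly what the sample collects, which makes it useful context when reviewing what the loader could have reported.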