General

  • Target

    831336c61a34f8a71530c2aba43253646922ea840c018e83c1e3b6f70d1d7a07

  • Size

    4.1MB

  • Sample

    240519-rde4dabb26

  • MD5

    245441f290f9315d150f6ce2090dd30f

  • SHA1

    46bdef0eee88dca718b7efe92d9a38bbb6893b65

  • SHA256

    831336c61a34f8a71530c2aba43253646922ea840c018e83c1e3b6f70d1d7a07

  • SHA512

    2fd750a088c637cca7317a6014fe875a6e66f10e15878195c0b13383038a16a07f8d1b78bfb48122982484f31870f1480ffd967c824610b6fcc74521e38ac040

  • SSDEEP

    98304:IuOdAWE/bfbxbxBimum48oJjLrUZhWcgWy75MTps2CObMUZCzBS/:IuOpIddBi3V8Ojm7gWylM939Cm

Malware Config

Targets

    • Target

      831336c61a34f8a71530c2aba43253646922ea840c018e83c1e3b6f70d1d7a07

    • Size

      4.1MB

    • MD5

      245441f290f9315d150f6ce2090dd30f

    • SHA1

      46bdef0eee88dca718b7efe92d9a38bbb6893b65

    • SHA256

      831336c61a34f8a71530c2aba43253646922ea840c018e83c1e3b6f70d1d7a07

    • SHA512

      2fd750a088c637cca7317a6014fe875a6e66f10e15878195c0b13383038a16a07f8d1b78bfb48122982484f31870f1480ffd967c824610b6fcc74521e38ac040

    • SSDEEP

      98304:IuOdAWE/bfbxbxBimum48oJjLrUZhWcgWy75MTps2CObMUZCzBS/:IuOpIddBi3V8Ojm7gWylM939Cm

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Blocklisted process makes network request

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks