General

  • Target

    735bd3bc6bf5a8255420abf4e52b4b461c0f5b6052e14b1d4460d79788ce5c4b

  • Size

    4.2MB

  • Sample

    230608-texe6ahd3z

  • MD5

    cb30c23090963cd03e027b465a6f1ea0

  • SHA1

    4060b19017bd8fdbd7da8c4db8fd69113c5cdaff

  • SHA256

    735bd3bc6bf5a8255420abf4e52b4b461c0f5b6052e14b1d4460d79788ce5c4b

  • SHA512

    3f0fd666d4ed506f2a9bcdfa6210cb666811207997266700cf74532f801a2af08916711a92580f6464ad0bcebf7f79f5ba7d389a9dcb4e202d3274c0dd202d4d

  • SSDEEP

    98304:aDcEtUUijxIxK72LbKEdY4LtLHxmL1FX1kFiy/Et2gq:agyUUil/7dEOG83k4iEtdq

Malware Config

Targets

    • Target

      735bd3bc6bf5a8255420abf4e52b4b461c0f5b6052e14b1d4460d79788ce5c4b

    • Size

      4.2MB

    • MD5

      cb30c23090963cd03e027b465a6f1ea0

    • SHA1

      4060b19017bd8fdbd7da8c4db8fd69113c5cdaff

    • SHA256

      735bd3bc6bf5a8255420abf4e52b4b461c0f5b6052e14b1d4460d79788ce5c4b

    • SHA512

      3f0fd666d4ed506f2a9bcdfa6210cb666811207997266700cf74532f801a2af08916711a92580f6464ad0bcebf7f79f5ba7d389a9dcb4e202d3274c0dd202d4d

    • SSDEEP

      98304:aDcEtUUijxIxK72LbKEdY4LtLHxmL1FX1kFiy/Et2gq:agyUUil/7dEOG83k4iEtdq

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Tasks