General

  • Target

    6e87719037a6279feb55f55efebf17589ac68e19964f59670bc82237051289ca

  • Size

    4.1MB

  • Sample

    230717-sdlftsde8y

  • MD5

    961efacd1741eb68dd4d4cc51d27a73f

  • SHA1

    8cd91644d43d7ffff36e2d9612eee5c02221f631

  • SHA256

    6e87719037a6279feb55f55efebf17589ac68e19964f59670bc82237051289ca

  • SHA512

    25c2c446c1170719ce53a6065c110bf0ab246e2c1afa104d7191256cf4fb4ef33cd19eee37c1265b747b633c1be6ed1a860375fdbc00b1a353eb3aca15aa6914

  • SSDEEP

    49152:8CARxnQoh+SxUjblCCRlt/pBzA17SD0X4gowzBKPpxYPe85xJ5ZlAWPjm/lbuF2J:PmdhPxKBntfeuwJojpvyFsWK/OE

Malware Config

Targets

    • Target

      6e87719037a6279feb55f55efebf17589ac68e19964f59670bc82237051289ca

    • Size

      4.1MB

    • MD5

      961efacd1741eb68dd4d4cc51d27a73f

    • SHA1

      8cd91644d43d7ffff36e2d9612eee5c02221f631

    • SHA256

      6e87719037a6279feb55f55efebf17589ac68e19964f59670bc82237051289ca

    • SHA512

      25c2c446c1170719ce53a6065c110bf0ab246e2c1afa104d7191256cf4fb4ef33cd19eee37c1265b747b633c1be6ed1a860375fdbc00b1a353eb3aca15aa6914

    • SSDEEP

      49152:8CARxnQoh+SxUjblCCRlt/pBzA17SD0X4gowzBKPpxYPe85xJ5ZlAWPjm/lbuF2J:PmdhPxKBntfeuwJojpvyFsWK/OE

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks