General

  • Target

    e7842b156944cb494e606ddca5eaac4bd453a41d9e9f773bc2004d924c198a9c

  • Size

    4.1MB

  • Sample

    230917-pbk6haac3w

  • MD5

    9dc322be85cf4d6bf7992dad07d8ed28

  • SHA1

    b3e7dd20e3fc01403c92800be7e92eb44055e896

  • SHA256

    e7842b156944cb494e606ddca5eaac4bd453a41d9e9f773bc2004d924c198a9c

  • SHA512

    c91b585ee687c8f6ed5753859f8dd6a3ecc448d83ef9897315d9da91a8b85173033895300f7ffa16427b721f3229c4610e9e5fbf1ad24d42e082699744e916aa

  • SSDEEP

    98304:8W+dvbXW43PB1Oquxod3aHYyxuubZoHSYxLcEKSMhWazyRQU+W0YH93zTuE2:81JXW43PN44yxuu9GJcTSMW883SYHQ9

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to the WinMonFS driver to hide directories and files from detection.

    • Drops file in System32 directory
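Host-side checks for the indicators listed above, as an added example that is not part of this sandbox report and not Glupteba's own code. The SHA256 is copied from the General section; the registry paths, the seven-day look-back window, the path heuristics and the Defender-exclusion check are this script's own assumptions, and its output is a review list for an analyst rather than a verdict:

```powershell
<#
  Added host-triage script for the indicators in this report.
  Not part of the sandbox report and not Glupteba's own code.
  Run from an elevated PowerShell 5.1+ session on the host being checked.
  Assumptions: the SHA256 is copied from the report; the registry paths,
  look-back window and path heuristics below are the script author's choices.
#>
param(
    # Optional path to a file suspected of being the analysed sample.
    [string]$SuspectFile = ""
)

$ReportSha256 = "e7842b156944cb494e606ddca5eaac4bd453a41d9e9f773bc2004d924c198a9c"
$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. File-hash IOC from the General section.
if ($SuspectFile -and (Test-Path -LiteralPath $SuspectFile)) {
    $hash = (Get-FileHash -LiteralPath $SuspectFile -Algorithm SHA256).Hash.ToLower()
    if ($hash -eq $ReportSha256) {
        $findings.Add("HASH MATCH: $SuspectFile is the analysed sample")
    } else {
        $findings.Add("no hash match: $SuspectFile sha256=$hash")
    }
}

# 2. "Adds Run key to start application": Run/RunOnce values whose command
#    points into a user-writable location or a script host. Noisy by design;
#    this is a review list, not a verdict.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
        $cmd = [string]$p.Value
        if ($cmd -match '\\(Temp|AppData|ProgramData|Public)\\' -or
            $cmd -match '\b(wscript|cscript|mshta|powershell|rundll32)\b') {
            $findings.Add("RUN KEY: $key\$($p.Name) = $cmd")
        }
    }
}

# 3. "Manipulates WinMonFS driver": rootkit filter driver used to hide files.
#    Any presence of the driver or its service key deserves a look.
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='WinMonFS'" -ErrorAction SilentlyContinue
if ($drv) { $findings.Add("DRIVER: WinMonFS state=$($drv.State) path=$($drv.PathName)") }
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinMonFS'
if (Test-Path -Path $svcKey) { $findings.Add("SERVICE KEY: $svcKey present") }

# 4. "Modifies Windows Firewall": enabled allow rules bound to programs that
#    live in user-writable locations.
foreach ($rule in (Get-NetFirewallRule -Enabled True -Action Allow -ErrorAction SilentlyContinue)) {
    $program = ($rule | Get-NetFirewallApplicationFilter).Program
    if ($program -and $program -match '\\(Temp|AppData|ProgramData|Public)\\') {
        $findings.Add("FIREWALL: '$($rule.DisplayName)' $($rule.Direction) allow for $program")
    }
}

# 5. "Windows security modification": the report does not say which setting
#    changed, so this only surfaces Defender exclusions for the analyst to review.
$mp = Get-MpPreference -ErrorAction SilentlyContinue
if ($mp) {
    foreach ($ex in @($mp.ExclusionPath) + @($mp.ExclusionProcess) + @($mp.ExclusionExtension)) {
        if ($ex) { $findings.Add("DEFENDER EXCLUSION: $ex") }
    }
}

# 6. "Drops file in System32 directory": recently written executables in
#    System32 that do not carry a valid Authenticode signature.
$cutoff = (Get-Date).AddDays(-7)   # look-back window is an assumption; widen to the incident timeline
$sys32 = Join-Path $env:SystemRoot 'System32'
Get-ChildItem -LiteralPath $sys32 -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff -and $_.Extension -in '.exe', '.dll', '.sys' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            $findings.Add("SYSTEM32: $($_.FullName) written $($_.LastWriteTime) signature=$($sig.Status)")
        }
    }

if ($findings.Count -eq 0) { 'No indicators from the report were found.' } else { $findings }
```

Run it elevated and pass -SuspectFile to compare a recovered binary against the report's SHA256. The Uninstall-key enumeration and the execution of the dropped EXE that the sandbox observed leave no persistent artefact a one-shot host check can see; those belong to process-creation and registry audit logs, not to this script.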

MITRE ATT&CK Enterprise v15

Tasks