General

  • Target

    e73bc77da7178e1d79261350e080106e9ca62f627eced30d0f78acf6752c1658

  • Size

    4.1MB

  • Sample

    231028-1db66adf4v

  • MD5

    05892f3654f0f678488f4b747d4be0c9

  • SHA1

    0c2136ded2544536f74853edad6967b7a35bb257

  • SHA256

    e73bc77da7178e1d79261350e080106e9ca62f627eced30d0f78acf6752c1658

  • SHA512

    8cfa55cd969ebd102d41f7e174522b41a0c0ca048226ef001bbbc055179099b277dce5a4d3946d10c2672fb0271585078e9c74f0e2dd2d739f33ac5d371982d6

  • SSDEEP

    98304:mrJ1/PL7PkMRfe+PdqMQcIJNuIeVTX7Carm2LJcycQ0FOlj5V:oJx/PTf+QIJNujNWgrcphO/V

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks