General

  • Target

    2998eaad3c3529b60f0e3c21c26a844bd47ae089e2b6da5b485508605f7ce7bd

  • Size

    4.1MB

  • Sample

    231211-tg165acgg5

  • MD5

    bf4e5ca5734158d8935ebe4609246704

  • SHA1

    2dbe97858c8f3874b96301bf2350b1443426390e

  • SHA256

    2998eaad3c3529b60f0e3c21c26a844bd47ae089e2b6da5b485508605f7ce7bd

  • SHA512

    27215da3730ae5add001df60ac71c73a500cd104fbdbdefb3cfc1d6366b9e2ac10992668511c3c601f916ec4d0f1e683064dae9344fec72fdbacdfc920bf3092

  • SSDEEP

    98304:GFfV3GNFg4XGQkhTpLXQUx8kN+eS+Tvida3ZJUOkV9qvDZPyn5X:CajmdLXQY8SRTqapJUBPq7Z2

Malware Config

Targets

    • Target

      2998eaad3c3529b60f0e3c21c26a844bd47ae089e2b6da5b485508605f7ce7bd

    • Size

      4.1MB

    • MD5

      bf4e5ca5734158d8935ebe4609246704

    • SHA1

      2dbe97858c8f3874b96301bf2350b1443426390e

    • SHA256

      2998eaad3c3529b60f0e3c21c26a844bd47ae089e2b6da5b485508605f7ce7bd

    • SHA512

      27215da3730ae5add001df60ac71c73a500cd104fbdbdefb3cfc1d6366b9e2ac10992668511c3c601f916ec4d0f1e683064dae9344fec72fdbacdfc920bf3092

    • SSDEEP

      98304:GFfV3GNFg4XGQkhTpLXQUx8kN+eS+Tvida3ZJUOkV9qvDZPyn5X:CajmdLXQY8SRTqapJUBPq7Z2

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks