General

  • Target

    c2e06d1600a7b8ef8fd13471000518af76b543663e6acffe2d8e357c41fc178d

  • Size

    4.1MB

  • Sample

    240404-v25kqadf31

  • MD5

    897a0b1374052bd6d219b75915847acb

  • SHA1

    661e840c53bd7c1199546029ebf545848faffd7f

  • SHA256

    c2e06d1600a7b8ef8fd13471000518af76b543663e6acffe2d8e357c41fc178d

  • SHA512

    13bf2e536a6859ca32d601874129b6130093e9665f6d976a704050cd69f1be208b5511aab966f10adc7d443374a3c666c0cfd3d61cc6076fe233b567c0464d03

  • SSDEEP

    98304:zH5J7CzszSbiwn7GrcYbqmT2oxXGbns7pL8WqJWTgfa:NMU4iw7Yx2bns7pLfTgfa

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks