General

  • Target

    6b0801f293f48c47ae247d807e8b4369f0e4fdb2a60f7535d3193a38b492a6c9

  • Size

    4.1MB

  • Sample

    240404-v2v2aadf2z

  • MD5

    724c1ea556e8b35de744e16dd95d8073

  • SHA1

    0225b7941de3659e23593b705cad5bf347cf1be0

  • SHA256

    6b0801f293f48c47ae247d807e8b4369f0e4fdb2a60f7535d3193a38b492a6c9

  • SHA512

    0beddb282e11e61fb711ecb3f33d00d56754885124e293949220c883ab21bc51f8ac3153a10dfa7490ff1cdae8184da278f8bc7cb92518c01f9778cbe9fe8b46

  • SSDEEP

    98304:LH5J7CzszSbiwn7GrcYbqmT2oxXGbns7pL8WqJWTgf5R:1MU4iw7Yx2bns7pLfTgf/

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks