General

  • Target

    d6336d8e78363e4454bc05171325227362478b3ca8a00e97e9dbb74db1f8a0b0

  • Size

    4.2MB

  • Sample

    240411-e7k59sfe7z

  • MD5

    b7cf5bfd6800b6da4e8a4574f1545ff6

  • SHA1

    a4ad3d7ab7099b8713dff5caef627bd2e67fc73b

  • SHA256

    d6336d8e78363e4454bc05171325227362478b3ca8a00e97e9dbb74db1f8a0b0

  • SHA512

    18db551f1d921c2c7f80fe7dd2a20bd7c0aebee8f736fe15739fa5487bae7b5cd82dddfb4fec65cd5aaabbd975270c24a0202e21e5f8bb6f8d6453b8cc83b3b6

  • SSDEEP

    98304:GN82p1RaOBrZprThm2bJPX/vLZtLQqJmAlvHFH02ncDWTfHpY:+MStpnhFVxbz9J5TfH6

Malware Config

Targets

    • Target

      d6336d8e78363e4454bc05171325227362478b3ca8a00e97e9dbb74db1f8a0b0

    • Size

      4.2MB

    • MD5

      b7cf5bfd6800b6da4e8a4574f1545ff6

    • SHA1

      a4ad3d7ab7099b8713dff5caef627bd2e67fc73b

    • SHA256

      d6336d8e78363e4454bc05171325227362478b3ca8a00e97e9dbb74db1f8a0b0

    • SHA512

      18db551f1d921c2c7f80fe7dd2a20bd7c0aebee8f736fe15739fa5487bae7b5cd82dddfb4fec65cd5aaabbd975270c24a0202e21e5f8bb6f8d6453b8cc83b3b6

    • SSDEEP

      98304:GN82p1RaOBrZprThm2bJPX/vLZtLQqJmAlvHFH02ncDWTfHpY:+MStpnhFVxbz9J5TfH6

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks