General

  • Target

    2a6e7d63439f32e71066b57b46184aa830f42d6bb3d304d56e121ed84d381c99

  • Size

    4.2MB

  • Sample

    240417-3ftkbshe97

  • MD5

    614e3ff9e0b112e71f42751e4c4d1588

  • SHA1

    73f9f7d4ea9ebd54addb374512695d6f5612e6dc

  • SHA256

    2a6e7d63439f32e71066b57b46184aa830f42d6bb3d304d56e121ed84d381c99

  • SHA512

    2b0360fc0693feec5d91d795298fa027508db73a6c046619b517238f58d0da64ba023421dcf65c1fa9d79f59c37254543dad484deae985424a3c60d21fd265d9

  • SSDEEP

    98304:6kZ2HRjDxUqNRSWw/fdG0ya8lhbNKCN+OMuHRmn++CozeYuDE:7Z2x3CqNcHdGTLNp+F+8elDE

Malware Config

Targets

    • Target

      2a6e7d63439f32e71066b57b46184aa830f42d6bb3d304d56e121ed84d381c99

    • Size

      4.2MB

    • MD5

      614e3ff9e0b112e71f42751e4c4d1588

    • SHA1

      73f9f7d4ea9ebd54addb374512695d6f5612e6dc

    • SHA256

      2a6e7d63439f32e71066b57b46184aa830f42d6bb3d304d56e121ed84d381c99

    • SHA512

      2b0360fc0693feec5d91d795298fa027508db73a6c046619b517238f58d0da64ba023421dcf65c1fa9d79f59c37254543dad484deae985424a3c60d21fd265d9

    • SSDEEP

      98304:6kZ2HRjDxUqNRSWw/fdG0ya8lhbNKCN+OMuHRmn++CozeYuDE:7Z2x3CqNcHdGTLNp+F+8elDE

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks