General

  • Target

    98e834844596c0eea2d4f685313201c06fc9205235ccd66298148af82b211e85

  • Size

    4.2MB

  • Sample

    240417-qcr6waab31

  • MD5

    0549d0f6053f8bfea993938568e57da4

  • SHA1

    91f871d30fae3527840438b6f4979eb12fd83d10

  • SHA256

    98e834844596c0eea2d4f685313201c06fc9205235ccd66298148af82b211e85

  • SHA512

    71f166402c809d2f5e6190d0472e9227eaa27f147f4af6497594cc23abb69624a6ae3a0c5991b1ae9ffb323a86420aef35c97c2ec1a97cfd8e7023e853a08a0b

  • SSDEEP

    98304:HwgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxbliz:YPIhkJiF6OSCTez0RwjGiZklo

Malware Config

Targets

    • Target

      98e834844596c0eea2d4f685313201c06fc9205235ccd66298148af82b211e85

    • Size

      4.2MB

    • MD5

      0549d0f6053f8bfea993938568e57da4

    • SHA1

      91f871d30fae3527840438b6f4979eb12fd83d10

    • SHA256

      98e834844596c0eea2d4f685313201c06fc9205235ccd66298148af82b211e85

    • SHA512

      71f166402c809d2f5e6190d0472e9227eaa27f147f4af6497594cc23abb69624a6ae3a0c5991b1ae9ffb323a86420aef35c97c2ec1a97cfd8e7023e853a08a0b

    • SSDEEP

      98304:HwgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxbliz:YPIhkJiF6OSCTez0RwjGiZklo

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks