General

  • Target

    7f6d87353b1d9ac4016e2444aa357427a925e7f9e1bbe132cb660dc8b0cd6584

  • Size

    4.2MB

  • Sample

    240419-hyxdqabe89

  • MD5

    d6520de37e80f190a8bed34b9e454dc1

  • SHA1

    2f1ad988b14d26102d5fe00093d27bde413af063

  • SHA256

    7f6d87353b1d9ac4016e2444aa357427a925e7f9e1bbe132cb660dc8b0cd6584

  • SHA512

    686314c2e5971bb910177edc2bf8714d5ea3bfc5329889cbd8b8422083ac0be8fcee1d2469f606fcb191ea54dbba06bbe5a7a0516ebd92709e01e5612082f7a7

  • SSDEEP

    98304:PNkDk7Y2e9fhWY+LbgLFpBVAayCN/CB0J4dlv7S/k29jp/47:Wk7LeNhW/+FpBVAa19Ce4dlv7wZ47

Malware Config

Targets

    • Target

      7f6d87353b1d9ac4016e2444aa357427a925e7f9e1bbe132cb660dc8b0cd6584

    • Size

      4.2MB

    • MD5

      d6520de37e80f190a8bed34b9e454dc1

    • SHA1

      2f1ad988b14d26102d5fe00093d27bde413af063

    • SHA256

      7f6d87353b1d9ac4016e2444aa357427a925e7f9e1bbe132cb660dc8b0cd6584

    • SHA512

      686314c2e5971bb910177edc2bf8714d5ea3bfc5329889cbd8b8422083ac0be8fcee1d2469f606fcb191ea54dbba06bbe5a7a0516ebd92709e01e5612082f7a7

    • SSDEEP

      98304:PNkDk7Y2e9fhWY+LbgLFpBVAayCN/CB0J4dlv7S/k29jp/47:Wk7LeNhW/+FpBVAa19Ce4dlv7wZ47

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks