General

  • Target

    1dd1b50c5937f355aaa536945e4b2dbcfe9225fc091cbe3af934a94db01acfe3

  • Size

    4.2MB

  • Sample

    240420-kcg31sce57

  • MD5

    a013daabe270ebe2c28541a250891db8

  • SHA1

    68ab70479f15b061dc9253d8fc0d37dcb39b0891

  • SHA256

    1dd1b50c5937f355aaa536945e4b2dbcfe9225fc091cbe3af934a94db01acfe3

  • SHA512

    38a1b2bef6470894476b7538cd11dd67b7d75f3a904e54a574790485867f5729945b34823f0bc0a9457b3a3142a9145956ef3d11e89f39dc983dd33974b6fef5

  • SSDEEP

    98304:KS8Tc81AzKVcNOUNHF6RiNP154spKvDdhObEo7QvVY0ryRAf1Tp7ORj:LEcJzF4UNHqA/dsmoVS4YAf19I

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks