General

  • Target

    7ab9a8fdfdd139519223deb406bbce44ef4aaab093917bb8df439cbf3beaaed2

  • Size

    4.1MB

  • Sample

    240509-qcb5nadh52

  • MD5

    13e1824574935dc9c15cb1a2c237ba2f

  • SHA1

    4bb0fe4b6d95c5f56e24bce011f96a2f1b346dd3

  • SHA256

    7ab9a8fdfdd139519223deb406bbce44ef4aaab093917bb8df439cbf3beaaed2

  • SHA512

    1dd8c89212c6f810e113233b7a2671dd0f7a9b73ef10224adb3ec9a0f3de2594a2d8af32a56384f48720ddc7696519102cdeae4e3b81931fe014bda2d79dff70

  • SSDEEP

    98304:UsY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahAt:3QZcza2WcnIxBnXOdJK+3UAt

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks