General

  • Target

    6132e0aaef22ed9bec6af70e0b17e85c656843e484d1adf0fd9f536778083657

  • Size

    4.1MB

  • Sample

    240509-qgsyzabc71

  • MD5

    8b47d251147c4dcd8104e4fc584e4a5f

  • SHA1

    0e33836e94b09069c1741786d8653c0cb884e6ef

  • SHA256

    6132e0aaef22ed9bec6af70e0b17e85c656843e484d1adf0fd9f536778083657

  • SHA512

    ee168313123ef893ef91f56bbcae37350d6ad41073caef23c4f3b6ba2f127fa0194bdbed2f5d724d60fd982c56ef786cf94dfca5243cd134521a60ecf68d5022

  • SSDEEP

    98304:MsY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahA2:fQZcza2WcnIxBnXOdJK+3UA2

Malware Config

Targets

    • Target

      6132e0aaef22ed9bec6af70e0b17e85c656843e484d1adf0fd9f536778083657

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks