General

  • Target

    60033252aa44a8a5a18b5636302aee76d6100082240e58f298e1211ae3573db1

  • Size

    4.1MB

  • Sample

    240509-qjqavsed24

  • MD5

    84a7ebdae546928bf3a393484b52d396

  • SHA1

    38dabde924a41fdcd10dbb2d3b6aa9630a41f5a8

  • SHA256

    60033252aa44a8a5a18b5636302aee76d6100082240e58f298e1211ae3573db1

  • SHA512

    09875c7c8904a1b0176c8541f525db49d237a392cda7d3999bf8b0178170bbaa0034c2b24ab426794f44e76df09f087c2fd8cb145efdd2436306a22e0242adfc

  • SSDEEP

    98304:8sY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahA+:PQZcza2WcnIxBnXOdJK+3UA+

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks