General

  • Target

    68263a23d93a1720b0288deb1764295c0c41ef340b2415b43b3ce4e06b7cf676

  • Size

    4.1MB

  • Sample

    240509-s15szscc32

  • MD5

    e67637351d335f28db6286e15f657757

  • SHA1

    768c54ac4aec037634a44d5ed91be18a8a54daf0

  • SHA256

    68263a23d93a1720b0288deb1764295c0c41ef340b2415b43b3ce4e06b7cf676

  • SHA512

    d3d3e452a1368a86fbf828f383b6c87f68ee12c6259b849dc5eba51636a0a2995df7ffb1cde5418e1d0cb03d2bb9441f023b2af08c285cb0e3c1c1367490f795

  • SSDEEP

    49152:aFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFv:aFDbcVB3TFxHH43Ma9n+52NVhL/oBqqM

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
