General

  • Target

    fbf99c761c666a198e2170c2c369051331448aa617ec9d99ea27e7873de6d83a

  • Size

    4.1MB

  • Sample

    240509-s2s6kscc65

  • MD5

    c0769a2b7c2e1b2067c34570118f1ab9

  • SHA1

    75e2c26589ce40a0b5c4f38829238e3b2966bbde

  • SHA256

    fbf99c761c666a198e2170c2c369051331448aa617ec9d99ea27e7873de6d83a

  • SHA512

    be5d96e311d2ea5226b0bb6d66f795e94e79e063e8a6fbae7d9c192274e5b41487a714cf22f7bd160cdaa67033207e3b80b4685f41e8e09211e185583584ff1d

  • SSDEEP

    49152:aFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFU:aFDbcVB3TFxHH43Ma9n+52NVhL/oBqqj
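Before trusting a sandbox verdict it is worth confirming that the file on disk is the object the report describes, and the "UPX packed file" signature below is cheap to reproduce locally. The following is an added example, not part of this report or of any analysis tooling; it checks a byte blob against the MD5/SHA1/SHA256 listed above and walks the PE section table for UPX section names or the "UPX!" marker. The sample itself is not embedded; the test input is a constructed, headers-only PE image built by build_fake_pe.

```python
"""Hash verification and UPX section check for a sample (added example).

Report hashes are copied from the page above; the PE bytes built here are
constructed for demonstration and are not the Glupteba sample.
"""
import hashlib
import struct

REPORT_HASHES = {
    "md5": "c0769a2b7c2e1b2067c34570118f1ab9",
    "sha1": "75e2c26589ce40a0b5c4f38829238e3b2966bbde",
    "sha256": "fbf99c761c666a198e2170c2c369051331448aa617ec9d99ea27e7873de6d83a",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists (ssdeep needs a third-party lib, omitted)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hashes_match(data: bytes, expected: dict) -> dict:
    """Return {algo: True/False} for each digest in `expected`."""
    actual = hash_bytes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


def pe_section_names(data: bytes) -> list:
    """Minimal PE walk: MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                  # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind the 'UPX packed file' signature: UPX* section names or a 'UPX!' marker.
    Modified UPX builds often rename sections, so the marker check is a second chance, not proof."""
    try:
        names = pe_section_names(data)
    except ValueError:
        return False
    return any(n.startswith("UPX") for n in names) or b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed headers-only PE32 image for testing the parser (not real malware)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + sections


if __name__ == "__main__":
    with open("sample.bin", "rb") as fh:  # path is an assumption; point it at the file you downloaded
        blob = fh.read()
    print("hash match:", hashes_match(blob, REPORT_HASHES))
    print("sections:", pe_section_names(blob))
    print("UPX heuristic:", looks_upx_packed(blob))
```

Run it against the downloaded file; every entry in the hash-match dictionary must be True before any of the behaviours listed below can be attributed to this sample. The section check is a heuristic: it catches stock UPX, but a repacked or renamed build can defeat both tests, which is why the sandbox signature wording also covers "modified UPX".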

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS device to hide directories and files from detection.

    • Drops file in System32 directory
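The signatures above are behavioural, so they can be re-derived from an API trace or EDR telemetry rather than taken on faith from the sandbox. The following is an added example, not the sandbox's rule set or Glupteba's code: it maps a stream of (API, argument) events onto the six behaviours listed, using the standard Run and Uninstall registry paths, the FirewallPolicy key and netsh advfirewall for firewall changes, and the \\.\WinMonFS device name the report mentions. The event list is constructed for the demo; the file and process names in it are placeholders, not indicators from this sample.

```python
"""Map API-trace events to the behavioural signatures in the report (added example).

Events are dicts {"api": <Win32 API name>, "arg": <path / key / command line>}.
SAMPLE_EVENTS is constructed for demonstration and is not taken from the report.
"""
import re

# Standard Windows locations behind each signature; WinMonFS is the device the report names.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
FIREWALL_POLICY = re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy", re.I)
NETSH_FIREWALL = re.compile(r"\bnetsh(\.exe)?\b.*\badvfirewall\b", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
WINMONFS_DEVICE = re.compile(r"^\\\\\.\\WinMonFS$", re.I)

REG_WRITE_APIS = {"RegSetValueExW", "RegSetValueExA", "RegCreateKeyExW"}
REG_READ_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegEnumKeyExW", "RegQueryValueExW"}
DEVICE_APIS = {"CreateFileW", "CreateFileA", "DeviceIoControl"}


def image_from_cmdline(cmdline: str) -> str:
    """First token of a command line, honouring a quoted image path."""
    if cmdline.startswith('"'):
        return cmdline.split('"')[1]
    return cmdline.split(" ")[0]


def classify(events) -> set:
    """Return the set of report signatures the event stream exhibits.

    'Executes dropped EXE' is stateful: a process creation only counts if the
    image path was written earlier in the same trace.
    """
    hits = set()
    dropped = set()
    for ev in events:
        api, arg = ev["api"], ev["arg"]
        if api in REG_WRITE_APIS and RUN_KEY.search(arg):
            hits.add("Adds Run key to start application")
        if api in REG_READ_APIS and UNINSTALL_KEY.search(arg):
            hits.add("Checks installed software on the system")
        if (api in REG_WRITE_APIS and FIREWALL_POLICY.search(arg)) or \
           (api == "CreateProcessW" and NETSH_FIREWALL.search(arg)):
            hits.add("Modifies Windows Firewall")
        if api in DEVICE_APIS and WINMONFS_DEVICE.search(arg):
            hits.add("Manipulates WinMonFS driver")
        if api == "WriteFile":
            dropped.add(arg.lower())
            if SYSTEM32.search(arg):
                hits.add("Drops file in System32 directory")
        if api == "CreateProcessW":
            image = image_from_cmdline(arg).lower()
            if image.endswith(".exe") and image in dropped:
                hits.add("Executes dropped EXE")
    return hits


# Constructed trace: placeholder names, not indicators from the analysed sample.
SAMPLE_EVENTS = [
    {"api": "RegOpenKeyExW", "arg": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "RegEnumKeyExW", "arg": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "WriteFile", "arg": r"C:\Windows\System32\drivers\example.sys"},
    {"api": "WriteFile", "arg": r"C:\Users\Public\dropped.exe"},
    {"api": "CreateProcessW", "arg": r'"C:\Users\Public\dropped.exe" /install'},
    {"api": "RegSetValueExW", "arg": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dropped"},
    {"api": "CreateProcessW", "arg": r'netsh advfirewall firewall add rule name="dropped" dir=in action=allow program="C:\Users\Public\dropped.exe"'},
    {"api": "CreateFileW", "arg": r"\\.\WinMonFS"},
]

if __name__ == "__main__":
    for sig in sorted(classify(SAMPLE_EVENTS)):
        print("-", sig)
```

Two details matter when porting this to real telemetry. Reading the Uninstall key is a registry query, which Sysmon does not record (it logs key creation and value writes only), so that signature needs an API-level trace or an EDR that captures RegOpenKey/RegEnumKey. And the Run key rule deliberately fires only on writes: a process that merely opens the Run key is enumerating persistence, not installing it.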
