General

  • Target

    46d10cb9b301c7a863c8a41e1f09c7a90620bf67297d954dee3595a833e4c2c3

  • Size

    4.1MB

  • Sample

    240509-s4cxdahd6v

  • MD5

    e818e7c806c027fa18d2dadfd3b2393a

  • SHA1

    69f22af75a3fe2925a18f7744e4d53eca133bad1

  • SHA256

    46d10cb9b301c7a863c8a41e1f09c7a90620bf67297d954dee3595a833e4c2c3

  • SHA512

    bd7b4f08a5505c8387bf890f4a7a916e3f2385d69266f1e62f8ad8881074b1011ffbc2a2cf4154ed59adfded0d23cb2ae5aca5be1bbc011e7b905034d7f30f23

  • SSDEEP

    49152:aFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFo:aFDbcVB3TFxHH43Ma9n+52NVhL/oBqqr

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks