General

  • Target

    e863afb1c77e26b8c0587849dbd16d2ea086bc6197bc78ca7f926aa9477880c1

  • Size

    4.1MB

  • Sample

    240509-s7gpqshf5v

  • MD5

    69bb01084856c56a02ac5c32412cbef4

  • SHA1

    51ec5a3c033a0d84cdfa42982be35be7a40347b9

  • SHA256

    e863afb1c77e26b8c0587849dbd16d2ea086bc6197bc78ca7f926aa9477880c1

  • SHA512

    4b90a4a567b86d3f29c20a5643d0c1a5fd886a6e796cf47383c07265ca84fe7cd1296016ba340ca48aadd39aa6ac1f0fb69efbc519da28caf88abf119aac1ba3

  • SSDEEP

    49152:aFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFN:aFDbcVB3TFxHH43Ma9n+52NVhL/oBqqC

Malware Config

Targets

    • Target

      e863afb1c77e26b8c0587849dbd16d2ea086bc6197bc78ca7f926aa9477880c1

    • Size

      4.1MB

    • MD5

      69bb01084856c56a02ac5c32412cbef4

    • SHA1

      51ec5a3c033a0d84cdfa42982be35be7a40347b9

    • SHA256

      e863afb1c77e26b8c0587849dbd16d2ea086bc6197bc78ca7f926aa9477880c1

    • SHA512

      4b90a4a567b86d3f29c20a5643d0c1a5fd886a6e796cf47383c07265ca84fe7cd1296016ba340ca48aadd39aa6ac1f0fb69efbc519da28caf88abf119aac1ba3

    • SSDEEP

      49152:aFHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFN:aFDbcVB3TFxHH43Ma9n+52NVhL/oBqqC

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks