General

  • Target

    6ae395f412d2cbd88e1d916e7a425e4a9bf3e26d905079852bbf2d99d6806e5d

  • Size

    4.1MB

  • Sample

    240509-twvmwsbb6z

  • MD5

    7bec04858f00ce82ca846a74bba018ab

  • SHA1

    ef0a9607f02ad6abe75237e55d3ffc255bb79201

  • SHA256

    6ae395f412d2cbd88e1d916e7a425e4a9bf3e26d905079852bbf2d99d6806e5d

  • SHA512

    eedeb18ce2304d73e681608a419bce95d03ce353aa198538ac9a154d26dc4d856f2a09243d0f88a6e1d01b8cab38973edd344fc7cd2a79f4d35fcdd4e40523a5

  • SSDEEP

    98304:ygQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9an:dmkkc0oEfvGFgFjKYMWdW

Malware Config

Targets

    • Target

      6ae395f412d2cbd88e1d916e7a425e4a9bf3e26d905079852bbf2d99d6806e5d

    • Size

      4.1MB

    • MD5

      7bec04858f00ce82ca846a74bba018ab

    • SHA1

      ef0a9607f02ad6abe75237e55d3ffc255bb79201

    • SHA256

      6ae395f412d2cbd88e1d916e7a425e4a9bf3e26d905079852bbf2d99d6806e5d

    • SHA512

      eedeb18ce2304d73e681608a419bce95d03ce353aa198538ac9a154d26dc4d856f2a09243d0f88a6e1d01b8cab38973edd344fc7cd2a79f4d35fcdd4e40523a5

    • SSDEEP

      98304:ygQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9an:dmkkc0oEfvGFgFjKYMWdW

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks