General

  • Target

    3498eda4fa5d8df0ffb5ace3dc2fd26d7b5f65f439599edb7a08b6a8bdd165db

  • Size

    4.1MB

  • Sample

    240509-txeytsec92

  • MD5

    a3f62b1b35f011738bd1716ac8552037

  • SHA1

    c4a0ca930654a9aa9264d9b9c0cf2d8de44eb81d

  • SHA256

    3498eda4fa5d8df0ffb5ace3dc2fd26d7b5f65f439599edb7a08b6a8bdd165db

  • SHA512

    fe9ba75ccd17b88ca399366b897bfd9b4c928a993009b9f98bb2703682372d6192cafaa678f7251e285b0e264be11a4e821728ba9750ecfcad1581876582e977

  • SSDEEP

    98304:agQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9ay:Vmkkc0oEfvGFgFjKYMWdj

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks