General

  • Target

    733fc3ba4ef0f33d9a1ee30ef5a5bf8c5743cf9422658e69187f074c1e8e258d

  • Size

    4.1MB

  • Sample

    240509-txs6fsed32

  • MD5

    55289a7ee17bb8ee11b5b28cc5485d73

  • SHA1

    8444a2df93a95755aa982b1d8afd1ec0bd511d1d

  • SHA256

    733fc3ba4ef0f33d9a1ee30ef5a5bf8c5743cf9422658e69187f074c1e8e258d

  • SHA512

    d4f0781249c22ec73ae6c0da210c1732b9984d03874a9fbbd69bd7aaa7aebadc07a982848c020e329e49bc316d9adf1c54221cc70ef19fc196b184e915e3c938

  • SSDEEP

    98304:qgQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9af:lmkkc0oEfvGFgFjKYMWdu

Malware Config

Targets

    • Target

      733fc3ba4ef0f33d9a1ee30ef5a5bf8c5743cf9422658e69187f074c1e8e258d

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS device to hide directories and files from detection.

    • Drops file in System32 directory
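
The Python helper below is an example added to this page; it is not part of the sandbox report or of any Glupteba analysis tooling. It shows two checks a practitioner runs before trusting a report against a local file: confirming the copy in hand against the MD5/SHA1/SHA256/SHA512 digests listed under General, and looking for the two indicators behind the "UPX packed file" signature (UPX0/UPX1 section names in the PE section table and the "UPX!" magic string). The digest values are copied from the report; the build_stub_pe() helper constructs a minimal, non-runnable PE skeleton for offline testing and is not a real sample.

```python
"""Added example: verify a sample against the report's hashes and check for
UPX packing indicators. Not part of the sandbox report."""
import hashlib
import struct

# Digests copied from the General section of the report.
REPORTED = {
    "md5": "55289a7ee17bb8ee11b5b28cc5485d73",
    "sha1": "8444a2df93a95755aa982b1d8afd1ec0bd511d1d",
    "sha256": "733fc3ba4ef0f33d9a1ee30ef5a5bf8c5743cf9422658e69187f074c1e8e258d",
    "sha512": "d4f0781249c22ec73ae6c0da210c1732b9984d03874a9fbbd69bd7aaa7aebadc"
              "07a982848c020e329e49bc316d9adf1c54221cc70ef19fc196b184e915e3c938",
}
CHUNK = 1 << 20  # 1 MiB reads keep memory flat even for large samples


def digest_all(chunks) -> dict:
    """Feed every chunk to all four algorithms in a single pass over the data."""
    hashes = {name: hashlib.new(name) for name in REPORTED}
    for chunk in chunks:
        for h in hashes.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def hash_bytes(data: bytes) -> dict:
    return digest_all(data[i:i + CHUNK] for i in range(0, len(data), CHUNK))


def hash_file(path: str) -> dict:
    with open(path, "rb") as f:
        return digest_all(iter(lambda: f.read(CHUNK), b""))


def matches_report(digests: dict, reported=REPORTED) -> dict:
    """Per-algorithm comparison. Anything other than all-True means the local
    copy is not the file the sandbox ran (or the hashes were copied wrong)."""
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in reported.items()}


def pe_section_names(data: bytes) -> list:
    """Walk the DOS/COFF headers and return the section names, [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size                              # section table
    names = []
    for i in range(num_sections):
        hdr = data[table + 40 * i: table + 40 * i + 8]          # 8-byte Name
        if len(hdr) < 8:
            break
        names.append(hdr.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Stock UPX names its sections UPX0/UPX1 (UPX2 when resources are kept)
    and stores the 'UPX!' magic in the packed image. A modified UPX build
    often renames the sections, so the magic is reported separately; either
    hit means the file should be unpacked before static analysis, and a
    build that also patches the magic will evade both checks."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
    }


def build_stub_pe(section_names, trailer=b"") -> bytes:
    """Constructed test input: a minimal PE skeleton (DOS header, COFF header
    with SizeOfOptionalHeader 0, section table) carrying the given section
    names. Not a real or runnable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew -> 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names),
                                   0, 0, 0, 0, 0)
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32)
                        for n in section_names)
    return bytes(dos) + coff + sections + trailer
```

Against a real copy of the sample, hash_file(path) followed by matches_report() is the gate: only when every algorithm matches should the behaviour listed in this report be attributed to the file being examined.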

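The second Python block is also an added example, not part of the report: detection logic for the host-side signatures above (Run key persistence, Windows Firewall changes, the WinMonFS driver service, files dropped into System32, and a dropped EXE that is then executed), run over Sysmon-style events. It assumes simplified field names (image, target, details, cmdline) for Sysmon Event IDs 1, 6, 11 and 13, assumes the rootkit driver is registered as a service named WinMonFS, and treats a netsh advfirewall command as one common way the firewall is modified, which the report does not state. The events in SAMPLE_EVENTS are constructed for this example and are not from the sandbox run. "Checks installed software on the system" is not covered because Sysmon records registry writes, not the reads of the Uninstall key that signature is based on.

```python
"""Added example: hunt Sysmon-style events for the report's host signatures.
Not part of the sandbox report; event layout and sample data are constructed."""
import re

# Registry paths are matched against the TargetObject of Event ID 13 (value
# set); file paths against the TargetFilename of Event ID 11 (file create).
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
FIREWALL_POLICY = re.compile(
    r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
NETSH_FIREWALL = re.compile(r"\bnetsh(\.exe)?\b.*\badvfirewall\b", re.I)
WINMONFS_SERVICE = re.compile(r"\\Services\\WinMonFS(\\|$)", re.I)  # assumed name
SYSTEM32_DROP = re.compile(
    r"^[A-Z]:\\Windows\\System32\\(drivers\\)?[^\\]+\.(exe|dll|sys)$", re.I)
# Writers that legitimately create files in System32. Allow-listing by image
# path alone is weak (an injected svchost still passes), so keep the list short.
TRUSTED_WRITERS = {r"c:\windows\system32\svchost.exe",
                   r"c:\windows\system32\tiworker.exe"}


def classify(event: dict) -> list:
    """Return the report signature labels a single event supports."""
    hits = []
    eid = event.get("id")
    target = event.get("target", "")
    image = event.get("image", "").lower()
    if eid == 13:
        if RUN_KEY.search(target):
            hits.append("Adds Run key to start application")
        if FIREWALL_POLICY.search(target):
            hits.append("Modifies Windows Firewall")
        if WINMONFS_SERVICE.search(target):
            hits.append("Manipulates WinMonFS driver")
    elif eid == 1 and NETSH_FIREWALL.search(event.get("cmdline", "")):
        hits.append("Modifies Windows Firewall")
    elif eid == 11 and SYSTEM32_DROP.match(target) and image not in TRUSTED_WRITERS:
        hits.append("Drops file in System32 directory")
    elif eid == 6 and "winmonfs" in image:          # driver load (ImageLoaded)
        hits.append("Manipulates WinMonFS driver")
    return hits


def dropped_then_executed(events) -> list:
    """'Executes dropped EXE': a .exe created earlier in the stream later
    appears as the Image of a new process. Returns (create_idx, exec_idx)."""
    created, hits = {}, []
    for i, e in enumerate(events):
        if e.get("id") == 11 and e.get("target", "").lower().endswith(".exe"):
            created[e["target"].lower()] = i
        elif e.get("id") == 1 and e.get("image", "").lower() in created:
            hits.append((created[e["image"].lower()], i))
    return hits


def hunt(events) -> list:
    """All findings as (event_index, signature_label) pairs."""
    findings = [(i, label) for i, e in enumerate(events) for label in classify(e)]
    findings += [(proc, "Executes dropped EXE")
                 for _, proc in dropped_then_executed(events)]
    return findings


SAMPLE = r"C:\Users\user\Desktop\sample.exe"
SAMPLE_EVENTS = [  # constructed Sysmon-style events, not from the sandbox run
    {"id": 11, "image": SAMPLE, "target": r"C:\Windows\System32\updater.exe"},
    {"id": 13, "image": SAMPLE,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater",
     "details": r"C:\Windows\System32\updater.exe"},
    {"id": 1, "image": r"C:\Windows\System32\updater.exe",
     "cmdline": r"C:\Windows\System32\updater.exe /svc"},
    {"id": 1, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r'netsh advfirewall firewall add rule name="updater" dir=in '
                r'action=allow program="C:\Windows\System32\updater.exe"'},
    {"id": 13, "image": r"C:\Windows\System32\services.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\WinMonFS\ImagePath",
     "details": r"\??\C:\Windows\System32\drivers\WinMonFS.sys"},  # assumed path
    {"id": 11, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"C:\Windows\System32\benign.dll"},               # trusted writer
    {"id": 13, "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "1"},                                             # benign
]

if __name__ == "__main__":
    for idx, label in sorted(hunt(SAMPLE_EVENTS)):
        print(f"event {idx}: {label}")
```

In a real hunt the events come from a Sysmon or EDR export rather than a literal list, and the dropped-then-executed correlation is the part worth keeping: each signature on its own is common on clean hosts, but a process that drops a binary into System32, registers it under Run and then launches it is the chain this report describes.
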
MITRE ATT&CK Enterprise v15

Tasks