General

  • Target

    26df6a3c515d9e9c0f3a1911864b8a8931e955f4abe948fc95114566e73b3d86

  • Size

    4.1MB

  • Sample

    240515-3qfffsac2v

  • MD5

    d224c01165136763824cb4cf0144493f

  • SHA1

    9bc66aac34d81bbfb85e9f7e2e02d2c25d8d0394

  • SHA256

    26df6a3c515d9e9c0f3a1911864b8a8931e955f4abe948fc95114566e73b3d86

  • SHA512

    fd908bf6b893bd367f35e4c7b4bbf2cc92634479fa56d825b5495931284e52cf120e52ae74c79d10e872a71f92e446df5b0e74c89d735106790e23da4f5827d2

  • SSDEEP

    98304:3sj80k8u7e4te7QNzi5j0edbbHwu+w5lmM0XQn0:3g9u7eueIzil0SbrHmM0J

Malware Config

Targets

    • Target

      26df6a3c515d9e9c0f3a1911864b8a8931e955f4abe948fc95114566e73b3d86

    • Size

      4.1MB

    • MD5

      d224c01165136763824cb4cf0144493f

    • SHA1

      9bc66aac34d81bbfb85e9f7e2e02d2c25d8d0394

    • SHA256

      26df6a3c515d9e9c0f3a1911864b8a8931e955f4abe948fc95114566e73b3d86

    • SHA512

      fd908bf6b893bd367f35e4c7b4bbf2cc92634479fa56d825b5495931284e52cf120e52ae74c79d10e872a71f92e446df5b0e74c89d735106790e23da4f5827d2

    • SSDEEP

      98304:3sj80k8u7e4te7QNzi5j0edbbHwu+w5lmM0XQn0:3g9u7eueIzil0SbrHmM0J

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to the WinMonFS driver to hide files and directories from detection.

    • Drops file in System32 directory
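
The two signatures a practitioner can reproduce statically before detonating the sample are the UPX check and the hash match. The script below is an added example, not code from this report or from the sandbox that produced it: it parses the PE section table and applies the stock-UPX heuristics (section names starting with UPX, and the "UPX!" marker the stock stub leaves in the file), then compares a file's MD5/SHA-1/SHA-256/SHA-512 against the hashes listed above. A renamed or modified UPX stub defeats the name-based check, which is why the sandbox signature also covers "modified UPX"; treat a negative result as a first pass only. The MZ/PE skeleton built for testing is constructed input, not the Glupteba sample, and the function names are the example's own.

```python
import hashlib
import struct

# Digests published in the report above for the 4.1MB Glupteba sample.
KNOWN_HASHES = {
    "md5": "d224c01165136763824cb4cf0144493f",
    "sha1": "9bc66aac34d81bbfb85e9f7e2e02d2c25d8d0394",
    "sha256": "26df6a3c515d9e9c0f3a1911864b8a8931e955f4abe948fc95114566e73b3d86",
    "sha512": ("fd908bf6b893bd367f35e4c7b4bbf2cc92634479fa56d825b5495931284e52cf"
               "120e52ae74c79d10e872a71f92e446df5b0e74c89d735106790e23da4f5827d2"),
}


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def match_iocs(data: bytes) -> list:
    """Names of the algorithms whose digest of `data` equals the reported value."""
    digests = file_hashes(data)
    return [name for name, digest in digests.items() if digest == KNOWN_HASHES[name]]


def pe_section_names(data: bytes) -> list:
    """Walk the DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]    # IMAGE_FILE_HEADER.NumberOfSections
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]       # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = coff + 20 + size_opt                                  # section headers follow the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]            # IMAGE_SECTION_HEADER.Name is 8 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (plus .rsrc) and embeds a 'UPX!' marker.
    Both are trivially stripped by a modified packer, so this is a heuristic, not proof."""
    names = pe_section_names(data)
    return any(n.startswith("UPX") for n in names) or b"UPX!" in data


def build_minimal_pe(section_names, payload: bytes = b"") -> bytes:
    """Constructed test input: a bare MZ/PE header skeleton with the given section names.
    It is not a runnable program and is not the sample from the report."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header directly after DOS header
    size_opt = 0                                     # no optional header needed to reach the section table
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), 0, 0x1000, 0, 0, 0, 0, 0, 0, 0x60000020)
        for name in section_names
    )
    return bytes(dos) + b"PE\0\0" + coff + sections + payload


def triage(data: bytes) -> dict:
    """Summary a triage analyst would log before sandboxing the file."""
    return {
        "sections": pe_section_names(data),
        "upx_heuristic": is_upx_packed(data),
        "ioc_matches": match_iocs(data),
    }


if __name__ == "__main__":
    sample = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    print(triage(sample))
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `triage`; a positive `upx_heuristic` is a reason to unpack (stock `upx -d` or a manual dump at the OEP) before looking for the Go runtime strings the report's Glupteba classification implies.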

MITRE ATT&CK Enterprise v15

Tasks