General

  • Target

    6698fa81c4e7b8941ccffa2d50f2427c2ba2d0d6a241d36ed06a15707d6b34cd

  • Size

    4.1MB

  • Sample

    240515-lqncmabf51

  • MD5

    245233e06d65b1a0beca6e97a4de3e1e

  • SHA1

    e814a0b6cf79610ce5a360c3df5588eab192e28b

  • SHA256

    6698fa81c4e7b8941ccffa2d50f2427c2ba2d0d6a241d36ed06a15707d6b34cd

  • SHA512

    5bfcedae6603a82b18b312e5e59b5b8bd17f40b34c715b3bb6d2b6e38e2c49644eac281eb8a6aeb457f1eb3592d8acbd5a5ab0dea4dbee9ca2f2e883ed9e630e

  • SSDEEP

    98304:brCNiB8ow0tjGRwMUUAJnC6DPNgwm1X3ykRpk8yR82N6D:brCy8l0I4UGC6Dg3yk88npD

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks