General

  • Target

    006dcd3da307981a054b232d3cbd3ce20f8baff28fe498aa0638c32334964fda

  • Size

    4.1MB

  • Sample

    240515-xv2llafc7v

  • MD5

    4fe10b2152058c56336b71a2d06c673d

  • SHA1

    b5b6f0020da4df0ee91736f264906b5c30dec5ee

  • SHA256

    006dcd3da307981a054b232d3cbd3ce20f8baff28fe498aa0638c32334964fda

  • SHA512

    725411c4fa2be8dba127fe2ea3a8d97c607024886548b2d7584b3b7027bb6db073bc651d527547f0201ddf48a3e2fbd4166f6f9c7d05cac3f067eb30ab50ca55

  • SSDEEP

    98304:XvKhyQu49tHH7DRYDff1lXFitQcJyMhd8Y1R:Xv8u49ZH7eDfxu9yMsER

Malware Config

Targets


    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories and files from detection.

    • Drops file in System32 directory
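Of the signatures above, "UPX packed file" is the one a responder can confirm statically, and the digests in the General section are what a suspect file gets compared against before any dynamic analysis. The following Python is an added example, not part of this Triage report or of any tool it references: it computes the four reported digests for a file image and parses the PE section table for three UPX indicators (UPX0/UPX1 section names, the "UPX!" marker, and the packed layout in which the first section has a VirtualSize but no raw data, which survives a modified UPX that renames sections and strips the marker). `build_pe` produces minimal synthetic PE images as constructed test input; they are not the sample described here, and `matches_reported` is therefore false for all of them.

```python
import hashlib
import struct

# Digests reported on this page for the sample; a responder compares a suspect file against these.
REPORTED = {
    "md5": "4fe10b2152058c56336b71a2d06c673d",
    "sha1": "b5b6f0020da4df0ee91736f264906b5c30dec5ee",
    "sha256": "006dcd3da307981a054b232d3cbd3ce20f8baff28fe498aa0638c32334964fda",
    "sha512": "725411c4fa2be8dba127fe2ea3a8d97c607024886548b2d7584b3b7027bb6db0"
              "73bc651d527547f0201ddf48a3e2fbd4166f6f9c7d05cac3f067eb30ab50ca55",
}


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of a file image, keyed like REPORTED."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_reported(data: bytes, reported: dict = REPORTED) -> bool:
    """True only if every reported digest matches; one mismatch means a different file."""
    actual = digests(data)
    return all(actual[name] == value for name, value in reported.items())


def pe_sections(data: bytes) -> list:
    """Parse the PE section table into name, VirtualSize and SizeOfRawData per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # IMAGE_SECTION_HEADER array, 40 bytes each
    sections = []
    for i in range(nsections):
        name, vsize, _vaddr, rawsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "rawsize": rawsize})
    return sections


def upx_indicators(data: bytes) -> list:
    """Reasons to treat the image as UPX-packed; an empty list means none were found."""
    reasons = []
    sections = pe_sections(data)
    upx_names = [s["name"] for s in sections if s["name"].startswith("UPX")]
    if upx_names:
        reasons.append("UPX section names: " + ", ".join(upx_names))
    if b"UPX!" in data:
        reasons.append("UPX! marker present")
    # Modified UPX builds rename sections and strip the marker but keep the layout:
    # the first section is the in-memory unpack destination, so it has VirtualSize > 0
    # and SizeOfRawData == 0, whereas a linker-produced .text has raw data on disk.
    if len(sections) >= 2 and sections[0]["rawsize"] == 0 and sections[0]["vsize"] > 0:
        reasons.append("first section has VirtualSize but no raw data (unpack destination)")
    return reasons


def build_pe(sections, tail: bytes = b"") -> bytes:
    """Constructed test input: a minimal, non-executable PE image with the given section headers."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, three zeroed fields, SizeOfOptionalHeader=0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000, rawsize,
                    0x200, 0, 0, 0, 0, 0x60000020)
        for name, vsize, rawsize in sections)
    return dos + b"PE\0\0" + coff + table + tail


# Constructed samples, not the file described on this page.
UPX_LIKE = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x8000, 0x7000), (b".rsrc", 0x1000, 0x400)],
                    tail=b"UPX!")
MODIFIED_UPX = build_pe([(b".text", 0x20000, 0), (b".data", 0x8000, 0x7000)])
UNPACKED = build_pe([(b".text", 0x1000, 0x1000), (b".data", 0x200, 0x200)])

if __name__ == "__main__":
    for label, image in (("upx", UPX_LIKE), ("modified", MODIFIED_UPX), ("unpacked", UNPACKED)):
        print(label, digests(image)["sha256"][:16], matches_reported(image), upx_indicators(image))
```

The layout heuristic is a triage indicator, not proof: some other packers and protectors produce the same empty-first-section shape, so a hit should lead to unpacking and re-hashing rather than to a verdict on its own. Stock `upx -d` only works when all three indicators are present; a modified UPX that renames sections or strips the marker usually has to be dumped from memory instead.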

MITRE ATT&CK Enterprise v15

Tasks