General

  • Target

    c805909ab8b34f038e94b62eb0fde545f1442e55c454bd9834b831d12a115883

  • Size

    4.1MB

  • Sample

    240515-xv8d5sfc71

  • MD5

    c35bfcc4d6634570914e44084caf8815

  • SHA1

    8d93d2609e171e9a8ce21471b1239120f2314bc5

  • SHA256

    c805909ab8b34f038e94b62eb0fde545f1442e55c454bd9834b831d12a115883

  • SHA512

    81b40f086b56f03024c4a0e60cc0ccc3ad29aebeb4bb3d0eb973ddcceb95e8319af5643bee6c2204f7cfc6e54a8279e1d7323fcab9222cb27594d99af994f38d

  • SSDEEP

    98304:XvKhyQu49tHH7DRYDff1lXFitQcJyMhd8Y1/:Xv8u49ZH7eDfxu9yMsE/

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks