General

  • Target

    6dacbc01ec6697ed45f887e8b5a6905081c6beaa7ea448585528a4bf01b198cb

  • Size

    4.1MB

  • Sample

    240515-xw995afg47

  • MD5

    4f3ab3c0644fc5d8b028eadaf86465e6

  • SHA1

    03ce9f9bb4278e899a53ca5d20294c8da12689e4

  • SHA256

    6dacbc01ec6697ed45f887e8b5a6905081c6beaa7ea448585528a4bf01b198cb

  • SHA512

    be1c4587aebb990f062f4fee5aea2a8bfe47a683a4708c6a00dc56bee0a1d9e07ed0bb0d567de49e2260147d8d779c71c8fdde6fbdc667d9ec20b05cb30f59dc

  • SSDEEP

    98304:fvKhyQu49tHH7DRYDff1lXFitQcJyMhd8Y1H:fv8u49ZH7eDfxu9yMsEH

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks