General

  • Target

    2bcc03adccf827efab96c76f8e0495b2df02087ebe3b5c692feffdf6e14921b4

  • Size

    4.1MB

  • Sample

    240516-qg66laed4v

  • MD5

    b8ab6b091f1733f255493ec62b99c3ce

  • SHA1

    4df68bc38b7dde5d1ad7229b7bf5712af9ad6e32

  • SHA256

    2bcc03adccf827efab96c76f8e0495b2df02087ebe3b5c692feffdf6e14921b4

  • SHA512

    5932a23a36647ff6574d043eff9d72eae248ff2f491ccb1950e98588a1e3d0b5087c53a36a1e4455d045a58a612e77d423bec2b1200efe9282fbe23c7b17640e

  • SSDEEP

    98304:0l9GTbLtL99uWlQGfUFGGhNMfnjCzwWu2csDCx3z+t4:ZT3oWlQMUAMlWxj+t4

Malware Config

Targets

    • Target

      2bcc03adccf827efab96c76f8e0495b2df02087ebe3b5c692feffdf6e14921b4

    • Size

      4.1MB

    • MD5

      b8ab6b091f1733f255493ec62b99c3ce

    • SHA1

      4df68bc38b7dde5d1ad7229b7bf5712af9ad6e32

    • SHA256

      2bcc03adccf827efab96c76f8e0495b2df02087ebe3b5c692feffdf6e14921b4

    • SHA512

      5932a23a36647ff6574d043eff9d72eae248ff2f491ccb1950e98588a1e3d0b5087c53a36a1e4455d045a58a612e77d423bec2b1200efe9282fbe23c7b17640e

    • SSDEEP

      98304:0l9GTbLtL99uWlQGfUFGGhNMfnjCzwWu2csDCx3z+t4:ZT3oWlQMUAMlWxj+t4

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks