General

  • Target

    6422befb38c9c9a355e9da49a294cdd002bf45ef69a024fb8fe9a679376903b8

  • Size

    4.1MB

  • Sample

    240517-qf3rsaae44

  • MD5

    6c1b960ec89a89da626272366c428a56

  • SHA1

    8cb43a8b16cc8f2b33ab7107576478bd419f111e

  • SHA256

    6422befb38c9c9a355e9da49a294cdd002bf45ef69a024fb8fe9a679376903b8

  • SHA512

    045e3c070b726a1f77ebf33c8c49a7921d0f444baac253c531222cf62cb27898e5cb9b9bccf6564676f0b79b53039d7398d3237bda3feb9af51a6754338f7f21

  • SSDEEP

    98304:3hzlfCz+ccJ0CpUiRHjJlGcG1klIkRd3fLKEvF:Rz9CiccJ0CpfGcGG1DfLP

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks