General

  • Target

    6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b

  • Size

    4.1MB

  • Sample

    240519-cbvnqacd8y

  • MD5

    a9ff8e69692def51525760f51284539a

  • SHA1

    dcb401e525396487ee3f19c4892c8e75f10da42f

  • SHA256

    6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b

  • SHA512

    be71258a9d21904eaaa9d4b9363547cdf16977283f13b97c19b562a811fe415abd2f263ce569c02b0e47f6917b29fe16004e1666a2df27a23423cf3d2ab0e1a4

  • SSDEEP

    98304:8rbgSYZm0VZ47d2LjXdY+WeqK35WW/TEhU3Gu22L:8rcnZFqd2LRPP3hYhQZL

Targets

    • Target

      6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Blocklisted process makes network request

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
