General

  • Target

    4d818a84b90145961b5dec224a5b6ff9ac64f1fe4f2f9b9fb3b3ab52c7521332

  • Size

    4.1MB

  • Sample

    240519-cdkljacg49

  • MD5

    38fda2f226ac96c605fb2a29d14356f7

  • SHA1

    389be5db2734f23c29de5da81c24a122d2849871

  • SHA256

    4d818a84b90145961b5dec224a5b6ff9ac64f1fe4f2f9b9fb3b3ab52c7521332

  • SHA512

    95f59cd4bb7b523a3e7b4bd1a8e99acdda020443ac83dad90080e30077504a5cb3c4523f535f728fdb729b0908363775490702c3a83a4243f58b8de5ff3cbf8d

  • SSDEEP

    98304:8rbgSYZm0VZ47d2LjXdY+WeqK35WW/TEhU3Gu22Q:8rcnZFqd2LRPP3hYhQZQ

Malware Config

Targets

    • Target

      4d818a84b90145961b5dec224a5b6ff9ac64f1fe4f2f9b9fb3b3ab52c7521332

    • Size

      4.1MB

    • MD5

      38fda2f226ac96c605fb2a29d14356f7

    • SHA1

      389be5db2734f23c29de5da81c24a122d2849871

    • SHA256

      4d818a84b90145961b5dec224a5b6ff9ac64f1fe4f2f9b9fb3b3ab52c7521332

    • SHA512

      95f59cd4bb7b523a3e7b4bd1a8e99acdda020443ac83dad90080e30077504a5cb3c4523f535f728fdb729b0908363775490702c3a83a4243f58b8de5ff3cbf8d

    • SSDEEP

      98304:8rbgSYZm0VZ47d2LjXdY+WeqK35WW/TEhU3Gu22Q:8rcnZFqd2LRPP3hYhQZQ

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

• Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks