General

  • Target

    11f7b2c21ead492292b2b5bce206526656f3e454f04b149df61bd054119188a8

  • Size

    4.1MB

  • Sample

    240519-cg6yyada56

  • MD5

    810cd2c0d8c9e9c32c420bfcd2f0f49e

  • SHA1

    a7d2600a860b302cdbf90df5dffcc10da247edd0

  • SHA256

    11f7b2c21ead492292b2b5bce206526656f3e454f04b149df61bd054119188a8

  • SHA512

    a631a335801fcf1eb2642c857f9005beb2d4a72e01d63730aebf0aed32900338132b5c22710bf3ac889b47ef4278c2ca5f2a85500dda228f8ea497dd931b5581

  • SSDEEP

    98304:8rbgSYZm0VZ47d2LjXdY+WeqK35WW/TEhU3Gu22r:8rcnZFqd2LRPP3hYhQZr

Malware Config

Targets

    • Target

      11f7b2c21ead492292b2b5bce206526656f3e454f04b149df61bd054119188a8

    • Size

      4.1MB

    • MD5

      810cd2c0d8c9e9c32c420bfcd2f0f49e

    • SHA1

      a7d2600a860b302cdbf90df5dffcc10da247edd0

    • SHA256

      11f7b2c21ead492292b2b5bce206526656f3e454f04b149df61bd054119188a8

    • SHA512

      a631a335801fcf1eb2642c857f9005beb2d4a72e01d63730aebf0aed32900338132b5c22710bf3ac889b47ef4278c2ca5f2a85500dda228f8ea497dd931b5581

    • SSDEEP

      98304:8rbgSYZm0VZ47d2LjXdY+WeqK35WW/TEhU3Gu22r:8rcnZFqd2LRPP3hYhQZr

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks