General

  • Target

    4faac6c84647615b80688d7911be67bff99b9d0cba29c27275cef23b7ae2d93b

  • Size

    4.1MB

  • Sample

    240519-cjtfmadb44

  • MD5

    6f2311a5bcf2f729847a7e165121c3a2

  • SHA1

    065a8eadd68a4e9d0b0d2720eacaa8344021d0c3

  • SHA256

    4faac6c84647615b80688d7911be67bff99b9d0cba29c27275cef23b7ae2d93b

  • SHA512

    5c2754a235e8c379c7909956b6241fdc159b993118f5cde10bc61ad60468a144ecf0ce0923e2d7eb04082ac35a0ef285ae7dbb700be7c3280321c5e9fb731238

  • SSDEEP

    98304:UrbgSYZm0VZ47d2LjXdY+WeqK35WW/TEhU3Gu22X:UrcnZFqd2LRPP3hYhQZX

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX-packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks