General

  • Target

    e76b0d442257b858b6fa9cf9359aee81baffd2e3caa64f00b62a3eefda826167

  • Size

    4.1MB

  • Sample

    240519-gcwpmacg9x

  • MD5

    13c93e83e0c88b132e67fb0a2785cb36

  • SHA1

    dbd0ba5e97752a2be3f4c4a0ddbb446d5bc4476f

  • SHA256

    e76b0d442257b858b6fa9cf9359aee81baffd2e3caa64f00b62a3eefda826167

  • SHA512

    e26588221f737aa86b5c946cc658add9645fa819b733baf9fd2a8296051dbdcb0a43b82bd92a4b0ec0a6b33b6ed1889d51a00b1db8e3691020e78d9c41ecfd98

  • SSDEEP

    98304:kWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+YZ:kW16ulMesXlnBp/sjruCqmtIOvaq

Malware Config

Targets

    • Target

      e76b0d442257b858b6fa9cf9359aee81baffd2e3caa64f00b62a3eefda826167

    • Size

      4.1MB

    • MD5

      13c93e83e0c88b132e67fb0a2785cb36

    • SHA1

      dbd0ba5e97752a2be3f4c4a0ddbb446d5bc4476f

    • SHA256

      e76b0d442257b858b6fa9cf9359aee81baffd2e3caa64f00b62a3eefda826167

    • SHA512

      e26588221f737aa86b5c946cc658add9645fa819b733baf9fd2a8296051dbdcb0a43b82bd92a4b0ec0a6b33b6ed1889d51a00b1db8e3691020e78d9c41ecfd98

    • SSDEEP

      98304:kWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+YZ:kW16ulMesXlnBp/sjruCqmtIOvaq

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks