General

  • Target

    84268777a5d8361a89e3c3843abd921f659c49b8a6946c1b30c04bbf9fbb5fdc

  • Size

    4.1MB

  • Sample

    240519-gd742sda69

  • MD5

    db92cc9f1f32a65160aaddc57c693507

  • SHA1

    d60f53e124dabc489375915886e74b90c2640417

  • SHA256

    84268777a5d8361a89e3c3843abd921f659c49b8a6946c1b30c04bbf9fbb5fdc

  • SHA512

    f3c2478fc704b636be7a06454e3debb4d0988860beea40cf5d80548a3402212c08b3b164a0fc8641c127ebb34c2681d62f422b7f197a4cd03fe906fc8a6693ab

  • SSDEEP

    98304:cWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+YX:cW16ulMesXlnBp/sjruCqmtIOvak

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks