General

  • Target

    746d4605876bf2cc5ce581df5f9225bdd6181c5d751ac21dfb4fff71c93507ac

  • Size

    4.1MB

  • Sample

    240519-gdg8mada39

  • MD5

    e77af6eb05b0d50aa98ec9d9581aec30

  • SHA1

    362fcf7db11cbc2cccb0346d7362588a54444a46

  • SHA256

    746d4605876bf2cc5ce581df5f9225bdd6181c5d751ac21dfb4fff71c93507ac

  • SHA512

    330c084867ea38bbb97ee59f98f266e20a794d37f6c5070c33819cd2f96aa3613a99466bc8334fee3ecaed99d08359726883d0db0dc480a5590f2c6c8ca5d52e

  • SSDEEP

    98304:UWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+YM:UW16ulMesXlnBp/sjruCqmtIOvaj

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks