General

  • Target

    afd7b064d92d3e9cf5bd8c9e7f2e95f3f829d0082576329cd7babfa88fefc4b4

  • Size

    4.1MB

  • Sample

    240519-gf2eaadb63

  • MD5

    db0dd57c36bcdc8d1bfb94e81f0986f8

  • SHA1

    74280e8c422f22dd03ad86b7c84ac4f860dca5a0

  • SHA256

    afd7b064d92d3e9cf5bd8c9e7f2e95f3f829d0082576329cd7babfa88fefc4b4

  • SHA512

    53fc402a00b12209df5890ece10cb213d5d73e2b23f7e1059d138996fdeeb073d35cc0cc76403941d8c95097ef68fbd45a5605ece23fccf7ac6e923bc369580c

  • SSDEEP

    98304:cWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+Y/:cW16ulMesXlnBp/sjruCqmtIOvaY

Malware Config

Targets

    • Target

      afd7b064d92d3e9cf5bd8c9e7f2e95f3f829d0082576329cd7babfa88fefc4b4

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS device to hide directories and files from detection.

    • Drops file in System32 directory
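
The two checks a practitioner usually runs first on a sample like this, as an added example that is not part of the sandbox report: confirm that a file on disk is the one the report describes by recomputing the MD5/SHA1/SHA256 listed above, and apply the same heuristic the "UPX packed file" signature relies on (UPX0/UPX1 section names or the "UPX!" marker) by parsing the PE section table directly. The `build_fake_pe` helper constructs a minimal in-memory PE purely as test input; it is not derived from the sample.

```python
"""Added example (not part of the sandbox report): verify a file against the
report's hashes and apply a UPX-packing heuristic to its PE section table."""
import hashlib
import struct

# Indicators copied from the report above (SHA512/SSDEEP omitted for brevity).
REPORT_HASHES = {
    "md5": "db0dd57c36bcdc8d1bfb94e81f0986f8",
    "sha1": "74280e8c422f22dd03ad86b7c84ac4f860dca5a0",
    "sha256": "afd7b064d92d3e9cf5bd8c9e7f2e95f3f829d0082576329cd7babfa88fefc4b4",
}

# Section names stock UPX leaves behind; modified builds often rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the bytes (whole file in memory)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches. MD5 collisions are cheap,
    so the SHA256 comparison is the one that actually identifies the sample."""
    actual = file_hashes(data)
    return all(actual[k] == v for k, v in expected.items())


def pe_section_names(data: bytes) -> list:
    """Walk the PE headers and return the section names (NUL padding stripped)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i              # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind the report's 'UPX packed file' signature: stock UPX
    section names or the 'UPX!' header marker. A negative result is not proof
    the binary is unpacked; modified UPX builds strip both."""
    try:
        names = pe_section_names(data)
    except ValueError:
        return False
    return bool(UPX_SECTION_NAMES & set(names)) or b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed test input: a minimal PE32 image with the given section names."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = b"\x0b\x01" + b"\0" * 222       # PE32 magic plus zeroed optional header (224 bytes)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print("hashes match report:", matches_report(blob))
    print("UPX heuristic:", looks_upx_packed(blob))
```

Run it as `python triage.py <file>`; a SHA256 match is what ties the file to this report, and a UPX hit only says the packer stub is recognisable, not that the unpacked payload has been identified.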

MITRE ATT&CK Enterprise v15

Tasks