General

  • Target

    8c588d4f64ea4b95b0fc1f41e0c07aff60b3cd5dfb4dcaad1877f426109b6cf3

  • Size

    4.1MB

  • Sample

    240519-grdscsdf51

  • MD5

    605c28e99106f97c17e8a0c5dbf95f6f

  • SHA1

    82f63ca5974daf92b48b21f6c5fb5fc0b573cd1c

  • SHA256

    8c588d4f64ea4b95b0fc1f41e0c07aff60b3cd5dfb4dcaad1877f426109b6cf3

  • SHA512

    845e15638737abbee9f4ad38c3f8ff09a6bf69a8b12901aef1dba18947543960ecf19ab87180477458adc2df27019860e8ee0b76b633b3e7f1b59b06ec69f3bc

  • SSDEEP

    98304:EWlQWNKQPwrulMpohZQjk4lnBk2/sgseYryCqOgI7KD2bsOvJZ+2+Yz:EW16ulMesXlnBp/sjruCqmtIOvag

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks