General

  • Target

    07ccf40e159da6dcd391d259d8f7ae6fee4f47f8905943042c60289f15044fbd

  • Size

    4.1MB

  • Sample

    240519-kvxw7abb9y

  • MD5

    7b807ddf1e7dfd715ea5561e06f0b458

  • SHA1

    13c67cd03c8b5eb0499aa48281a4f99c972839a7

  • SHA256

    07ccf40e159da6dcd391d259d8f7ae6fee4f47f8905943042c60289f15044fbd

  • SHA512

    6b1a0ace42c32395b2e1e6ddfa8910061d23f48c93b842edd16609546d07b8d763bd0afb262454377f69c26d7775b534e991c5041c40da21ba1e3a0603741094

  • SSDEEP

    98304:QvCQaDBnSWO/B+XxjapSyZlG1PnsYHdaWgIg92gsnC3bzMZh6P1m:QvC3DFSWO/BjYGk1PnXHoWWZ1za6Nm

Malware Config

Targets

    • Target

      07ccf40e159da6dcd391d259d8f7ae6fee4f47f8905943042c60289f15044fbd

    • Size

      4.1MB

    • MD5

      7b807ddf1e7dfd715ea5561e06f0b458

    • SHA1

      13c67cd03c8b5eb0499aa48281a4f99c972839a7

    • SHA256

      07ccf40e159da6dcd391d259d8f7ae6fee4f47f8905943042c60289f15044fbd

    • SHA512

      6b1a0ace42c32395b2e1e6ddfa8910061d23f48c93b842edd16609546d07b8d763bd0afb262454377f69c26d7775b534e991c5041c40da21ba1e3a0603741094

    • SSDEEP

      98304:QvCQaDBnSWO/B+XxjapSyZlG1PnsYHdaWgIg92gsnC3bzMZh6P1m:QvC3DFSWO/BjYGk1PnXHoWWZ1za6Nm

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
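
The report's behavioural signatures (Run key, firewall change, Uninstall-key enumeration, WinMonFS access, System32 drop, execution of a dropped EXE) are each a pattern over sandbox events. As an added example that is not part of this report, the Python classifier below applies such rules to constructed sandbox-style event lines (the `<ts> <pid> <event> <args>` format and every event in it are invented here) and emits the signature names used above together with ATT&CK Enterprise technique IDs. The ID mapping is an assumption made here, not something the page states; the sandbox's own rules are not shown.

```python
"""Map constructed sandbox events to the report's signature names and to
ATT&CK technique IDs. Added example; event format and events are invented."""
import re

# Signature name on the report -> (event kinds it applies to, pattern on args).
RULES = [
    ("Adds Run key to start application", {"reg_set"},
     re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Modifies Windows Firewall", {"process_create", "reg_set"},
     re.compile(r"netsh(\.exe)?\s+(advfirewall|firewall)\b|\\FirewallPolicy\\", re.I)),
    ("Checks installed software on the system", {"reg_enum", "reg_query"},
     re.compile(r"\\CurrentVersion\\Uninstall\b", re.I)),
    ("Manipulates WinMonFS driver", {"file_open", "file_write"},
     re.compile(r"\\WinMonFS\b", re.I)),
    ("Drops file in System32 directory", {"file_create"},
     re.compile(r"^C:\\Windows\\System32\\", re.I)),
]

# ATT&CK Enterprise IDs assumed here for the signatures; the report's own
# ATT&CK section is not reproduced on this page, so this is not its mapping.
ATTACK = {
    "Adds Run key to start application": "T1547.001",
    "Modifies Windows Firewall": "T1562.004",
    "Checks installed software on the system": "T1518",
    "Manipulates WinMonFS driver": "T1014",
    "UPX packed file": "T1027.002",
}

# Constructed event lines: "<ts> <pid> <event_kind> <args>".
CONSTRUCTED_EVENTS = [
    "1 4120 file_create C:\\Users\\user\\AppData\\Roaming\\svc\\app.exe",
    "2 4120 process_create C:\\Users\\user\\AppData\\Roaming\\svc\\app.exe",
    "3 4120 reg_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\app = C:\\Users\\user\\AppData\\Roaming\\svc\\app.exe",
    "4 4120 process_create C:\\Windows\\System32\\netsh.exe advfirewall firewall add rule name=app dir=in action=allow",
    "5 4120 reg_enum HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "6 4120 file_write \\\\.\\WinMonFS",
    "7 4120 file_create C:\\Windows\\System32\\drivers\\x.sys",
    "8 4120 reg_set HKCU\\Software\\Foo\\Bar = 1",
]


def classify_events(lines):
    """Return [(ts, signature)] for every rule hit. 'Executes dropped EXE' is
    stateful: a process_create whose image was file_create'd earlier in the
    same trace."""
    dropped = set()
    hits = []
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) < 4:
            continue                      # malformed line: skip, don't crash
        ts, _pid, kind, arg = parts
        for name, kinds, pat in RULES:
            if kind in kinds and pat.search(arg):
                hits.append((int(ts), name))
        if kind == "file_create" and arg.lower().endswith(".exe"):
            dropped.add(arg.lower())
        image = arg.split(" ", 1)[0].lower()
        if kind == "process_create" and image in dropped:
            hits.append((int(ts), "Executes dropped EXE"))
    return hits


def triggered_signatures(lines):
    """Sorted, de-duplicated signature names for a trace."""
    return sorted({name for _ts, name in classify_events(lines)})


def attack_ids(lines):
    """Sorted technique IDs for the triggered signatures that have a mapping."""
    return sorted({ATTACK[n] for n in triggered_signatures(lines) if n in ATTACK})


if __name__ == "__main__":
    for ts, name in classify_events(CONSTRUCTED_EVENTS):
        print(ts, name, ATTACK.get(name, ""))
    print("ATT&CK:", attack_ids(CONSTRUCTED_EVENTS))
```

Two design points carry over to real traces: the rules are keyed on event kind as well as on a pattern, so `netsh.exe` appearing as a process image does not also fire the System32 drop rule, and "Executes dropped EXE" needs state across the trace rather than a single-line match.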

Tasks