General

  • Target

    2c01dd23a27aa6c17b946113f0fcacac8eae26c0d9dc964e1d142cb2d5219016

  • Size

    4.1MB

  • Sample

    240519-kw98xabc4w

  • MD5

    881f0e1b55a24e9862e8be400b59f45f

  • SHA1

    1d51b95c585db438f094fe1e850969d9dfb1ed29

  • SHA256

    2c01dd23a27aa6c17b946113f0fcacac8eae26c0d9dc964e1d142cb2d5219016

  • SHA512

    79157352c7993ea45a67399c5a6559d6ebd5f1503f22f91f7e67d91e275931d33d4a60b0d25b28e53c09c3b1bd08d1c2e7c9b8ef9465a8bb62068278c8dbcaca

  • SSDEEP

    98304:QvCQaDBnSWO/B+XxjapSyZlG1PnsYHdaWgIg92gsnC3bzMZh6P1a:QvC3DFSWO/BjYGk1PnXHoWWZ1za6Na

Malware Config

Targets

    • Target

      2c01dd23a27aa6c17b946113f0fcacac8eae26c0d9dc964e1d142cb2d5219016

    • Size

      4.1MB

    • MD5

      881f0e1b55a24e9862e8be400b59f45f

    • SHA1

      1d51b95c585db438f094fe1e850969d9dfb1ed29

    • SHA256

      2c01dd23a27aa6c17b946113f0fcacac8eae26c0d9dc964e1d142cb2d5219016

    • SHA512

      79157352c7993ea45a67399c5a6559d6ebd5f1503f22f91f7e67d91e275931d33d4a60b0d25b28e53c09c3b1bd08d1c2e7c9b8ef9465a8bb62068278c8dbcaca

    • SSDEEP

      98304:QvCQaDBnSWO/B+XxjapSyZlG1PnsYHdaWgIg92gsnC3bzMZh6P1a:QvC3DFSWO/BjYGk1PnXHoWWZ1za6Na

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks