General

  • Target

    411b3b01d42c95d1d726c603d15df14a0e1c7d2fe5b3d6876296620442621238

  • Size

    4.1MB

  • Sample

    240519-kwt7pabc3w

  • MD5

    6c483ee8a3efdf90eda75ef0f70ccc2b

  • SHA1

    18e628bef94b720ad0160d1f1f67cc48641bb60b

  • SHA256

    411b3b01d42c95d1d726c603d15df14a0e1c7d2fe5b3d6876296620442621238

  • SHA512

    c45a4da2821ec04fe751d11f7c8a2926cf66a6db2fa30600a5d1e7ecc0ed62e0f0bf6c3811f13cecef0cc0568ccd909b068a28cf5bc0053fdef17ff2bb00fb5f

  • SSDEEP

    98304:AvCQaDBnSWO/B+XxjapSyZlG1PnsYHdaWgIg92gsnC3bzMZh6P1w:AvC3DFSWO/BjYGk1PnXHoWWZ1za6Nw

Malware Config

Targets

    • Target

      411b3b01d42c95d1d726c603d15df14a0e1c7d2fe5b3d6876296620442621238

    • Size

      4.1MB

    • MD5

      6c483ee8a3efdf90eda75ef0f70ccc2b

    • SHA1

      18e628bef94b720ad0160d1f1f67cc48641bb60b

    • SHA256

      411b3b01d42c95d1d726c603d15df14a0e1c7d2fe5b3d6876296620442621238

    • SHA512

      c45a4da2821ec04fe751d11f7c8a2926cf66a6db2fa30600a5d1e7ecc0ed62e0f0bf6c3811f13cecef0cc0568ccd909b068a28cf5bc0053fdef17ff2bb00fb5f

    • SSDEEP

      98304:AvCQaDBnSWO/B+XxjapSyZlG1PnsYHdaWgIg92gsnC3bzMZh6P1w:AvC3DFSWO/BjYGk1PnXHoWWZ1za6Nw

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks