General

  • Target

    bac00b38bc2fef94b6ef9660b08fb698917ac100d7a010fda7c57d8d14068480

  • Size

    4.1MB

  • Sample

    240519-kym66abd32

  • MD5

    c9a90d99d8c26f334749d4372d009614

  • SHA1

    29aaa6bedd4a2f13ea5f420f1f3cec944366bf97

  • SHA256

    bac00b38bc2fef94b6ef9660b08fb698917ac100d7a010fda7c57d8d14068480

  • SHA512

    b9733af50135448626ed9209e8770c8f6ea4db3b74870700524c932e717e8d325c0bac2fa06e727ee8395388b8df32300e6bbe5f644a44bad9be02d320b62321

  • SSDEEP

    98304:ovCQaDBnSWO/B+XxjapSyZlG1PnsYHdaWgIg92gsnC3bzMZh6P1Q:ovC3DFSWO/BjYGk1PnXHoWWZ1za6NQ

Malware Config

Targets

    • Target

      bac00b38bc2fef94b6ef9660b08fb698917ac100d7a010fda7c57d8d14068480

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
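
The "UPX packed file" signature above is a static check on the PE image. The script below is an added example, not the sandbox's own detector and not code from the sample: it parses the DOS header, the COFF header and the section table with nothing but struct, and reports the two cheap UPX indicators (the UPX0/UPX1 section names and the "UPX!" magic that stock UPX leaves in the packed image). The build_pe helper constructs a minimal, non-executable PE so the check runs offline; the section lists passed to it are made up for the example. A modified UPX build can rename sections and scrub the magic, so both signals are weak on their own and a miss here does not mean the file is unpacked.

```python
import struct

# Section names written by stock UPX. A modified packer may use others.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1"}


def pe_section_names(data):
    """Return the section names from a PE image's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    n_sections, = struct.unpack_from("<H", data, coff + 2)    # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, coff + 16)     # SizeOfOptionalHeader
    table = coff + 20 + opt_size                              # first IMAGE_SECTION_HEADER
    names = []
    for i in range(n_sections):
        raw = data[table + i * 40: table + i * 40 + 8]        # 40-byte header, 8-byte Name
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """Collect the static UPX indicators found in a PE image."""
    names = pe_section_names(data)
    return {
        "section_names": names,
        "upx_sections": [n for n in names if n in UPX_SECTION_NAMES],
        # Stock UPX stores a "UPX!" magic in the packed header it appends to the image.
        "upx_magic": b"UPX!" in data,
    }


def looks_upx_packed(data):
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_pe(section_names):
    """Construct a minimal PE image (headers only, not runnable) for the example."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0 here), Characteristics.
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(n.ljust(8, b"\x00")[:8] + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + table


if __name__ == "__main__":
    for secs in ([b"UPX0", b"UPX1", b".rsrc"], [b".text", b".rdata", b".data"]):
        img = build_pe(secs)
        print(upx_indicators(img), "->", "packed" if looks_upx_packed(img) else "not flagged")
```

Run it against a real file with `looks_upx_packed(open(path, "rb").read())`; for a large Go binary like this 4.1MB sample, follow a positive name match with an unpack attempt (`upx -d`) rather than trusting the header alone, since a modified packer will often break the decompressor while keeping the names.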

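The remaining signatures in the list (Run key persistence, Uninstall key enumeration, firewall changes, System32 drops, execution of a dropped EXE, WinMonFS access) are behavioural and come from the API trace the sandbox records. The script below is an added example of how such signatures are written and is not the sandbox's own rule engine: it runs simple rules over a constructed, simplified API trace. The trace format, the process IDs, and the file names (updater.exe, example.sys) are invented for the example and are not indicators from this sample; the ATT&CK technique IDs in the SIGNATURES table are a mapping added here, not one the report provides.

```python
import re

# Constructed API-trace events in a simplified format chosen for this example.
# Paths and names are hypothetical; they are not indicators from the sample above.
TRACE = [
    {"pid": 1234, "api": "RegOpenKeyExW",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1234, "api": "RegEnumKeyExW", "index": 0,
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1234, "api": "RegEnumKeyExW", "index": 1,
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1234, "api": "CreateFileW", "access": "GENERIC_WRITE",
     "path": r"C:\Windows\System32\drivers\example.sys"},
    {"pid": 1234, "api": "CreateFileW", "access": "GENERIC_WRITE",
     "path": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"pid": 1234, "api": "RegSetValueExW",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"pid": 1234, "api": "CreateProcessW", "path": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="updater" dir=in action=allow '
                r'program="C:\Users\user\AppData\Roaming\updater.exe"'},
    {"pid": 1234, "api": "CreateProcessW", "cmdline": "updater.exe",
     "path": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"pid": 5678, "api": "CreateFileW", "access": "GENERIC_WRITE", "path": r"\\.\WinMonFS"},
    {"pid": 5678, "api": "DeviceIoControl", "path": r"\\.\WinMonFS"},
]

UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall$", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.I)
FIREWALL_KEY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)


def _writes(e):
    return e["api"] in ("CreateFileW", "NtCreateFile") and "WRITE" in e.get("access", "")


def sig_run_key(trace):
    return [e["path"] + "\\" + e["value"] + " = " + e["data"] for e in trace
            if e["api"].startswith("RegSetValueEx") and RUN_KEY.search(e.get("path", ""))]


def sig_checks_installed_software(trace):
    return [e["api"] + " " + e["path"] for e in trace
            if e["api"].startswith(("RegOpenKeyEx", "RegEnumKeyEx"))
            and UNINSTALL_KEY.search(e.get("path", ""))]


def sig_modifies_firewall(trace):
    ev = []
    for e in trace:
        if e["api"].startswith("CreateProcess") and \
                re.search(r"netsh.*advfirewall", e.get("cmdline", ""), re.I):
            ev.append(e["cmdline"])
        if e["api"].startswith("RegSetValueEx") and FIREWALL_KEY.search(e.get("path", "")):
            ev.append(e["path"])
    return ev


def sig_drops_in_system32(trace):
    return [e["path"] for e in trace if _writes(e) and SYSTEM32.search(e["path"])]


def sig_executes_dropped_exe(trace):
    # Correlate in trace order: a process image is "dropped" only if written earlier.
    written, ev = set(), []
    for e in trace:
        if _writes(e):
            written.add(e["path"].lower())
        elif e["api"].startswith("CreateProcess") and e["path"].lower() in written:
            ev.append(e["path"])
    return ev


def sig_winmonfs(trace):
    return [e["api"] + " " + e["path"] for e in trace if "winmonfs" in e.get("path", "").lower()]


# Signature name -> (rule, ATT&CK technique). The technique mapping is added here.
SIGNATURES = {
    "Adds Run key to start application": (sig_run_key, "T1547.001"),
    "Checks installed software on the system": (sig_checks_installed_software, "T1518"),
    "Modifies Windows Firewall": (sig_modifies_firewall, "T1562.004"),
    "Drops file in System32 directory": (sig_drops_in_system32, None),
    "Executes dropped EXE": (sig_executes_dropped_exe, None),
    "Manipulates WinMonFS driver": (sig_winmonfs, "T1014"),
}


def run_signatures(trace):
    """Return {signature name: {"technique": id, "evidence": [...]}} for every rule that fires."""
    results = {}
    for name, (rule, technique) in SIGNATURES.items():
        evidence = rule(trace)
        if evidence:
            results[name] = {"technique": technique, "evidence": evidence}
    return results


if __name__ == "__main__":
    for name, hit in run_signatures(TRACE).items():
        print(name, hit["technique"], *hit["evidence"], sep="\n    ")
```

The one rule worth copying from this is sig_executes_dropped_exe: it is a correlation over trace order rather than a single-event match, which is what separates "executes dropped EXE" from "runs some process". The Uninstall enumeration rule will also fire on installers and inventory agents, so in a production detector it is a weak signal to be combined with the persistence and driver-access hits, not an alert on its own.
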
MITRE ATT&CK Enterprise v15

Tasks