General

  • Target

    1ccd82eea69db23eee29d8c582b0d00fa446fb5c17d9f66ff1be975e386e0bd4

  • Size

    4.1MB

  • Sample

    240519-rc34taba92

  • MD5

    020f8317a10199696c559739689f75dd

  • SHA1

    d18e7ac271b5e303538314de2640455050c4954c

  • SHA256

    1ccd82eea69db23eee29d8c582b0d00fa446fb5c17d9f66ff1be975e386e0bd4

  • SHA512

    e582ff0c018ca32014c6928476d123155ce73636d4c192356fbc4d9deebbc99a85b40d54cb1dfe592ef5576210e32d9cbadf26331545a70f6b2c5acdb7d3e718

  • SSDEEP

    98304:IuOdAWE/bfbxbxBimum48oJjLrUZhWcgWy75MTps2CObMUZCzBSh:IuOpIddBi3V8Ojm7gWylM939CM

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks