General

  • Target

    4c14eb45b343dc31451196e572c5b646ad3aa44dd7f584c4f55a5b18f4513f8f

  • Size

    4.1MB

  • Sample

    240519-rdc9sabc41

  • MD5

    cda7facfacace6d8addb77df54ef865b

  • SHA1

    9fe3c6b7df3e04fc9e7b67f353ea419c95863e25

  • SHA256

    4c14eb45b343dc31451196e572c5b646ad3aa44dd7f584c4f55a5b18f4513f8f

  • SHA512

    96b1dfedcf31a5e1ab54d3c29b8c451029fbcd138ee3a1dd60ccf48d7fec2b6d415038020250d078ca0d0aa5c9cb91bacc0d4a7fedff0d679e67b8762f187b83

  • SSDEEP

    98304:QuOdAWE/bfbxbxBimum48oJjLrUZhWcgWy75MTps2CObMUZCzBS5:QuOpIddBi3V8Ojm7gWylM939CI

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks