General

  • Target

    4c98d0e58e34360fd8862acf310fb56296b99a23411f4a6257cf29ad2df51ba9

  • Size

    4.1MB

  • Sample

    240519-rdfpxabb28

  • MD5

    41671fa8975be8ebe5fae3d48308e38a

  • SHA1

    bfccefc2604461f51da2210633abd9af0bf6f55b

  • SHA256

    4c98d0e58e34360fd8862acf310fb56296b99a23411f4a6257cf29ad2df51ba9

  • SHA512

    c9dccc79c8ae79900a9060e0889b35d28c270ba2b57be73e94363d801523ee1296720bd2832c68b793553fb66dec61e5e766c3e5259d23b2c91586f3639f110c

  • SSDEEP

    98304:QuOdAWE/bfbxbxBimum48oJjLrUZhWcgWy75MTps2CObMUZCzBSZ:QuOpIddBi3V8Ojm7gWylM939C8

Malware Config

Targets

    • Target

      4c98d0e58e34360fd8862acf310fb56296b99a23411f4a6257cf29ad2df51ba9

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build; sections are typically named UPX0/UPX1, but a modified packer may rename them.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Opens or writes to the WinMonFS device exposed by Glupteba's kernel-mode rootkit component; the rootkit uses it to hide directories and files from detection.

    • Drops file in System32 directory
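The signatures above record what the sandbox observed, not how to find the same behaviour in a trace of your own. The Python below is an added example, not part of this report or of any sandbox's detection code: it runs the listed behavioural checks (Run key persistence, Uninstall key enumeration, WinMonFS device access, System32 drops, firewall changes, and execution of a file the trace earlier saw written) over a constructed, hypothetical API trace. The trace format, the `netsh advfirewall` command line used for the firewall signature, the three-subkey enumeration threshold, and the IOCTL code are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Patterns derived from the signatures above. Case-insensitive because the
# Windows registry and file system are.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.I)
UNINSTALL_SUBKEY_RE = re.compile(r"\\CurrentVersion\\Uninstall\\[^\\]+$", re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\Windows\\System32\\", re.I)
WINMONFS_RE = re.compile(r"^\\\\[.?]\\WinMonFS", re.I)   # \\.\WinMonFS or \\?\WinMonFS
# Assumption: the firewall is changed through netsh.exe; the report does not say how.
NETSH_FW_RE = re.compile(
    r"\bnetsh(\.exe)?\b.*\badvfirewall\b.*\bfirewall\b.*\b(add|set|delete)\s+rule\b", re.I)
EXE_RE = re.compile(r"\.(exe|dll|sys)$", re.I)

# Hypothetical sandbox API trace, constructed for this example. Each record is
# {"pid": int, "api": Win32 function name, "args": {...}}; a real trace format
# will differ and the loader would need adapting. Paths and names are invented.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "CreateFileW",
     "args": {"path": r"C:\Windows\System32\drivers\WinMon.sys", "access": "GENERIC_WRITE"}},
    {"pid": 1000, "api": "CreateFileW",
     "args": {"path": r"C:\Users\Public\csrss.exe", "access": "GENERIC_WRITE"}},
    {"pid": 1000, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              "name": "updater", "data": r"C:\Users\Public\csrss.exe"}},
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"image": r"C:\Users\Public\csrss.exe",
              "command_line": r'"C:\Users\Public\csrss.exe"'}},
    {"pid": 1001, "api": "CreateProcessW",
     "args": {"image": r"C:\Windows\System32\netsh.exe",
              "command_line": 'netsh advfirewall firewall add rule name="csrss" dir=in '
                              'action=allow program="C:\\Users\\Public\\csrss.exe"'}},
    {"pid": 1001, "api": "RegOpenKeyExW",
     "args": {"key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A}"}},
    {"pid": 1001, "api": "RegOpenKeyExW",
     "args": {"key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B}"}},
    {"pid": 1001, "api": "RegOpenKeyExW",
     "args": {"key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C}"}},
    {"pid": 1001, "api": "CreateFileW",
     "args": {"path": r"\\.\WinMonFS", "access": "GENERIC_READ|GENERIC_WRITE"}},
    {"pid": 1001, "api": "DeviceIoControl",              # IOCTL code is a placeholder,
     "args": {"device": r"\\.\WinMonFS", "code": 0x222004}},  # not a real Glupteba value
    {"pid": 1001, "api": "CreateFileW",                  # benign read: must not match
     "args": {"path": r"C:\Users\Public\notes.txt", "access": "GENERIC_READ"}},
]


def match_glupteba_behaviours(events):
    """Map each report signature name to the evidence found in `events`."""
    hits = defaultdict(list)
    written = set()            # lower-cased paths any traced process opened for writing
    uninstall_subkeys = set()

    for ev in events:
        api, a = ev["api"], ev["args"]
        if api in ("RegSetValueExW", "RegSetValueExA") and RUN_KEY_RE.search(a["key"]):
            hits["Adds Run key to start application"].append(
                f'{a["key"]}\\{a["name"]} = {a["data"]}')
        elif api in ("RegOpenKeyExW", "RegOpenKeyExA") and UNINSTALL_SUBKEY_RE.search(a["key"]):
            uninstall_subkeys.add(a["key"].lower())
        elif api == "CreateFileW":
            path = a["path"]
            if WINMONFS_RE.match(path):
                hits["Manipulates WinMonFS driver"].append(path)
            elif "GENERIC_WRITE" in a.get("access", ""):
                written.add(path.lower())
                if SYSTEM32_RE.match(path):
                    hits["Drops file in System32 directory"].append(path)
        elif api == "DeviceIoControl" and WINMONFS_RE.match(a.get("device", "")):
            hits["Manipulates WinMonFS driver"].append(
                f'IOCTL 0x{a["code"]:x} on {a["device"]}')
        elif api == "CreateProcessW":
            if NETSH_FW_RE.search(a["command_line"]):
                hits["Modifies Windows Firewall"].append(a["command_line"])
            # Correlation: the launched image is a file this trace saw written earlier.
            if EXE_RE.search(a["image"]) and a["image"].lower() in written:
                hits["Executes dropped EXE"].append(a["image"])

    # Assumption: opening three or more distinct Uninstall subkeys is enumeration
    # rather than a single "is product X installed?" check.
    if len(uninstall_subkeys) >= 3:
        hits["Checks installed software on the system"].extend(sorted(uninstall_subkeys))
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_glupteba_behaviours(SAMPLE_TRACE).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The "Executes dropped EXE" check is deliberately trace-wide rather than per-process, because the Glupteba loader writes files from one process and starts them from another; a per-pid correlation would miss that. The WinMonFS check matches both the device open and any later IOCTL so that a trace which only captured one of the two still fires.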

MITRE ATT&CK Enterprise v15

Tasks