General

  • Target

    0779e88deedb038aaa7bae71d094f049dedcee307b6efeb317fc86b6acb53763

  • Size

    4.1MB

  • Sample

    230327-z4n3zafc72

  • MD5

    7a734f3a9e783d39e606db911b9c4101

  • SHA1

    85d1c109e825ae312c69d3aef4850db779ae6863

  • SHA256

    0779e88deedb038aaa7bae71d094f049dedcee307b6efeb317fc86b6acb53763

  • SHA512

    26ba85b3709be8df69f18acbcec67ecc8522137c2c8ec0dfaeb6f3ad7085bc9d0b02c93867530526d4fe18bab9d1068f895d2a1c0aa1c24886cfefd7da05936b

  • SSDEEP

    98304:aUwzay3/eNse6eXt0f8PeFsnpObm1b2OjOkqWQTMeoC8X2wWLO3gZWLQr1jYa:arey3/rCMGeMIyN2ObnbXIS3LQea

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

MITRE ATT&CK Matrix ATT&CK v6

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Modify Existing Service (T1031): 1

  • Registry Run Keys / Startup Folder (T1060): 1

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 1

Tasks