General

  • Target

    f4021772b5797ff8335c95847ce73ba1242fc8f84a18cb573332d918caf5f5b3

  • Size

    4.1MB

  • Sample

    240404-pxm7zsfh4w

  • MD5

    91d2b9597a10deb4581d58071563fa40

  • SHA1

    b5ba1ec8b0f5b789240201ba4af87767d87a239f

  • SHA256

    f4021772b5797ff8335c95847ce73ba1242fc8f84a18cb573332d918caf5f5b3

  • SHA512

    9be192a65a6455e292b31f7bbb3de2f96848121a9b277d8168a987ad1cd385787c222698360b93f7730902a1cfed5672cb024b7e5443a6a01dcdee5a8a863ae6

  • SSDEEP

    98304:W5uGUxyGNHvR+rg+uWcdiM0F3ZjLTFnqJK2M+8rkIIZEcfh:NNJ+k+OSKRkoZEcZ

Malware Config

Targets

    • Target

      f4021772b5797ff8335c95847ce73ba1242fc8f84a18cb573332d918caf5f5b3

    • Size

      4.1MB

    • MD5

      91d2b9597a10deb4581d58071563fa40

    • SHA1

      b5ba1ec8b0f5b789240201ba4af87767d87a239f

    • SHA256

      f4021772b5797ff8335c95847ce73ba1242fc8f84a18cb573332d918caf5f5b3

    • SHA512

      9be192a65a6455e292b31f7bbb3de2f96848121a9b277d8168a987ad1cd385787c222698360b93f7730902a1cfed5672cb024b7e5443a6a01dcdee5a8a863ae6

    • SSDEEP

      98304:W5uGUxyGNHvR+rg+uWcdiM0F3ZjLTFnqJK2M+8rkIIZEcfh:NNJ+k+OSKRkoZEcZ

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks