General

  • Target

    33bb838910305f091fe2d30b376e79c06debb2ddc93d61af12c7a44432002ca4

  • Size

    4.1MB

  • Sample

    240404-v24cnaeb94

  • MD5

    91fc8afa803e5cccdb8ab2166623b6f2

  • SHA1

    b1146f11caa013d198ae0c1e3c5a0c1821f8bb36

  • SHA256

    33bb838910305f091fe2d30b376e79c06debb2ddc93d61af12c7a44432002ca4

  • SHA512

    477d7fc603fb2b03089294c434b1b5c34f3a688b8267db22534149e4f605c2fcc7f0beb88dcc71ec054dfa37e29249c95a197026d33e06f73efecd673a2b7647

  • SSDEEP

    98304:zH5J7CzszSbiwn7GrcYbqmT2oxXGbns7pL8WqJWTgfj:NMU4iw7Yx2bns7pLfTgfj

Malware Config

Targets

    • Target

      33bb838910305f091fe2d30b376e79c06debb2ddc93d61af12c7a44432002ca4

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks