General

  • Target

    7f83a8798bc0f70dd4dddda35386c197f4c430b5cd7ce314003d43e368025ee9

  • Size

    4.1MB

  • Sample

    240404-v2ez3ade9z

  • MD5

    3f5245d86aa3a3d285f19d1436fbe9e0

  • SHA1

    d455c20025a1b6b4a5e676927541bba8e829b567

  • SHA256

    7f83a8798bc0f70dd4dddda35386c197f4c430b5cd7ce314003d43e368025ee9

  • SHA512

    fb362af34e93b0dd897d5be5382df263c47dab5882e93b0e542ce716ca6957cbfd5479d5361c576b7d47eca93d718bf5f8b4eca0d711bde377ff3eeecfed57ca

  • SSDEEP

    98304:jH5J7CzszSbiwn7GrcYbqmT2oxXGbns7pL8WqJWTgfz:9MU4iw7Yx2bns7pLfTgfz

Malware Config

Targets

    • Target

      7f83a8798bc0f70dd4dddda35386c197f4c430b5cd7ce314003d43e368025ee9

    • Size

      4.1MB

    • MD5

      3f5245d86aa3a3d285f19d1436fbe9e0

    • SHA1

      d455c20025a1b6b4a5e676927541bba8e829b567

    • SHA256

      7f83a8798bc0f70dd4dddda35386c197f4c430b5cd7ce314003d43e368025ee9

    • SHA512

      fb362af34e93b0dd897d5be5382df263c47dab5882e93b0e542ce716ca6957cbfd5479d5361c576b7d47eca93d718bf5f8b4eca0d711bde377ff3eeecfed57ca

    • SSDEEP

      98304:jH5J7CzszSbiwn7GrcYbqmT2oxXGbns7pL8WqJWTgfz:9MU4iw7Yx2bns7pLfTgfz

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide directories and files from detection.

    • Drops file in System32 directory
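
The "UPX packed file" signature above fires on both stock and modified UPX builds. The script below is an added example, not code from the sandbox report, the Triage signature set or the Glupteba sample itself: it parses PE section headers and checks the three indicators a modified-UPX rule usually keys on (UPX-named sections, the "UPX!" magic UPX writes into its packed header, and a first section with zero raw size but a large virtual size, which is where UPX unpacks into). The `build_pe` helper and the three sample images are constructed for the demonstration and are headers only, not runnable executables; the section layouts are assumptions chosen to resemble UPX output, not taken from this sample.

```python
"""Heuristic UPX / modified-UPX packing check for PE files (added example)."""
import struct


def parse_sections(data: bytes) -> list:
    """Parse PE section headers; return [] if the buffer is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # COFF file header (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + opt_size             # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = first + 40 * i                 # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return sections


def upx_indicators(data: bytes) -> dict:
    """Collect UPX-style packing indicators and a coarse verdict."""
    secs = parse_sections(data)
    names = [s["name"] for s in secs]
    ind = {
        # Stock UPX names its sections UPX0/UPX1 (and UPX2 for resources).
        "upx_section_names": any(n.upper().startswith("UPX") for n in names),
        # UPX stores a "UPX!" magic in its l_info header inside the packed data.
        "upx_magic": b"UPX!" in data,
        # UPX0 has SizeOfRawData == 0: it only reserves memory for the unpacked image.
        "empty_first_section": bool(secs) and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0,
        "section_count": len(secs),
    }
    if ind["upx_section_names"]:
        ind["verdict"] = "upx"
    elif ind["upx_magic"] or (ind["empty_first_section"] and 2 <= len(secs) <= 3):
        # Renamed sections but UPX layout/magic still present: typical of "modified UPX".
        ind["verdict"] = "possible-modified-upx"
    else:
        ind["verdict"] = "no-upx-indicators"
    return ind


def build_pe(sections, trailer: bytes = b"") -> bytes:
    """Constructed test helper: a minimal PE32 header set (DOS stub, COFF, optional
    header, section table) followed by an arbitrary trailer. Not a real executable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                          # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table = b""
    for name, vsize, vaddr, rawsize, rawptr in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + opt + table + trailer


# Constructed samples (assumed layouts, not derived from the analysed file).
UPX_SAMPLE = build_pe([("UPX0", 0x20000, 0x1000, 0, 0x400),
                       ("UPX1", 0x8000, 0x21000, 0x7400, 0x400),
                       (".rsrc", 0x1000, 0x29000, 0x800, 0x7800)],
                      trailer=b"UPX!" + b"\0" * 16)
CLEAN_SAMPLE = build_pe([(".text", 0x3000, 0x1000, 0x3000, 0x400),
                         (".data", 0x800, 0x4000, 0x200, 0x3400),
                         (".rsrc", 0x400, 0x5000, 0x400, 0x3600)])
# Sections renamed to look benign, but the UPX layout and magic survive.
MODIFIED_SAMPLE = build_pe([(".text", 0x20000, 0x1000, 0, 0x400),
                            (".data", 0x8000, 0x21000, 0x7400, 0x400)],
                           trailer=b"UPX!")

if __name__ == "__main__":
    for label, blob in (("upx", UPX_SAMPLE), ("clean", CLEAN_SAMPLE), ("modified", MODIFIED_SAMPLE)):
        print(label, upx_indicators(blob))
```

Treat the verdict as triage input, not proof: a packer that strips the magic and pads the first section's raw data will pass, and a legitimate binary with an unusual layout can trip the weaker heuristic. Confirm with `upx -l` or by unpacking before drawing conclusions about the payload.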

MITRE ATT&CK Enterprise v15

Tasks