General

  • Target

    71591f19cf4ee4f4f50a20bc60ba12df5df3eb8a164dce0eedcab7b00198fa24

  • Size

    4.1MB

  • Sample

    240404-v2jcgseb78

  • MD5

    c31d613c0ca13fa1f0fcaf8c1ccbbc83

  • SHA1

    83cf32ee2d24b6e7d66dfb28d60a5cb43976294a

  • SHA256

    71591f19cf4ee4f4f50a20bc60ba12df5df3eb8a164dce0eedcab7b00198fa24

  • SHA512

    8e8311e701e90226a949609ad6ca29b58d22d6d99c55b4fae8405ae5cfd6e5cc96d9e794cd4b23436c14f0e7cbc7bc5d256cf689aa09e4c0493501d81b559cb9

  • SSDEEP

    98304:zH5J7CzszSbiwn7GrcYbqmT2oxXGbns7pL8WqJWTgf6:NMU4iw7Yx2bns7pLfTgf6

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks