General

  • Target

    af9b2db7ad88af015bf9b87dd7b7236b65428a5acf51dff5951b6e830033af51

  • Size

    4.1MB

  • Sample

    240404-v2wb2sdf21

  • MD5

    c7db5a359d50ea9c313af4241728fada

  • SHA1

    6ea36a4c37c952958864ba4dfe42e2a0bb1dcf83

  • SHA256

    af9b2db7ad88af015bf9b87dd7b7236b65428a5acf51dff5951b6e830033af51

  • SHA512

    4b57bbc8e62d8bba41a39286cd66e841e2c57cd43ced22f20abf9a683076f4ec2203eb65c1ff7e356c29bad734786b3a9be64eaefee4910cfc80719523ab0a37

  • SSDEEP

    98304:zH5J7CzszSbiwn7GrcYbqmT2oxXGbns7pL8WqJWTgfn:NMU4iw7Yx2bns7pLfTgfn

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks