General

  • Target

    ec4bf36843e75db46bf446341b9b628cf5b92d64908602994c0388a509afca3a

  • Size

    4.2MB

  • Sample

    240411-et3s6aca57

  • MD5

    74b10c71fe17b2a762fb9e0a6aec356c

  • SHA1

    7d89ac68392ab3ce93902ba2397ea5e18ce78550

  • SHA256

    ec4bf36843e75db46bf446341b9b628cf5b92d64908602994c0388a509afca3a

  • SHA512

    cfb66059db590fb608b9f607dd1bf54d54e1c031d6cc541d6040ea507f7d6d8a24cc528678c850edade16562a4146f14368e73baa85364fbb147724dca2fd129

  • SSDEEP

    98304:I5lPBaWBrbylaZCxbWq17tgxAPYITosQNEMg2S6aC8AEQ:WjBrYYebWqlbosQ6t6aC1V

Malware Config

Targets

    • Target

      ec4bf36843e75db46bf446341b9b628cf5b92d64908602994c0388a509afca3a

    • Size

      4.2MB

    • MD5

      74b10c71fe17b2a762fb9e0a6aec356c

    • SHA1

      7d89ac68392ab3ce93902ba2397ea5e18ce78550

    • SHA256

      ec4bf36843e75db46bf446341b9b628cf5b92d64908602994c0388a509afca3a

    • SHA512

      cfb66059db590fb608b9f607dd1bf54d54e1c031d6cc541d6040ea507f7d6d8a24cc528678c850edade16562a4146f14368e73baa85364fbb147724dca2fd129

    • SSDEEP

      98304:I5lPBaWBrbylaZCxbWq17tgxAPYITosQNEMg2S6aC8AEQ:WjBrYYebWqlbosQ6t6aC1V

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks