General

  • Target

    281bd4b64963ad7615f7550370a0a95c8c9d0e93edbed0eeb23745073575358d

  • Size

    4.2MB

  • Sample

    240417-267n7shb86

  • MD5

    97cea45558647206b215ad033751d6ae

  • SHA1

    ca36be9b42d7e88bf142e25d666170123ceebe6e

  • SHA256

    281bd4b64963ad7615f7550370a0a95c8c9d0e93edbed0eeb23745073575358d

  • SHA512

    94e09585dc18ad39e55ab4084162b8eca6eb5b94c7bd64e65597fe0e7edf77f9d512d6b4f8b571b80390f6ce9d0f8756fcda6c57de6dfe3b4f1d6aa6437b624d

  • SSDEEP

    98304:Fuj+q6TJ4wJXu5ZJ1j+7xTB8ercClYoKJ32fC3NV26E3wqtOnXcGdwYxx1:4j+FTuwJ2ZmxTB8FOXbwqtOnFmYx1

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks