General

  • Target

    507a01906df7c9cf71d42e74d3ae5c051705f4c373aaddc3d2f2d360749dec8f

  • Size

    4.2MB

  • Sample

    240417-275w1ahc28

  • MD5

    5fef6298956316651c78a1c4f0a64b69

  • SHA1

    73d4af5ebdb890e83fdeb50bf8e4c5c82d3521a3

  • SHA256

    507a01906df7c9cf71d42e74d3ae5c051705f4c373aaddc3d2f2d360749dec8f

  • SHA512

    4c91d0cfb6307c0b318f1899de74d211dff47351ae06a56fac8ae1f39b5b8fccdc615f8e9e7c74203030ddcfd40ca98c1fe156e9a4843a242bbed28ac537c072

  • SSDEEP

    98304:9uj+q6TJ4wJXu5ZJ1j+7xTB8ercClYoKJ32fC3NV26E3wqtOnXcGdwYxxx:Aj+FTuwJ2ZmxTB8FOXbwqtOnFmYxx

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (renamed sections, patched signature).

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide files and directories from detection.

    • Drops file in System32 directory
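
The "UPX packed file" signature above is the kind of static check that can be reproduced offline. The following is an added example, not the sandbox's own signature code or anything from the Glupteba sample: it walks the PE section table, flags the stock-UPX artefacts (UPX0/UPX1 section names, the "UPX!" trailer) and falls back to per-section entropy for the modified-UPX case where those artefacts have been stripped. The PE images it analyses are constructed inline by `build_pe` for the test (they are minimal and not loadable); the 7.0 bits/byte threshold is an assumption.

```python
import math
import struct
from collections import Counter

# Section names and trailer magic left behind by stock UPX (assumption: stock
# builds; a modified UPX frequently renames sections and patches "UPX!" out).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}
UPX_MAGIC = b"UPX!"
HIGH_ENTROPY_THRESHOLD = 7.0  # bits/byte (assumed); compressed data sits near 8.0


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte of buf (0.0 for empty input)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def pe_sections(data: bytes) -> list[tuple[bytes, bytes]]:
    """Walk the PE section table and return (name, raw_bytes) per section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER (40 bytes each)
    sections = []
    for i in range(n_sections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Collect the three indicators the classifier uses, plus per-section entropy."""
    sections = pe_sections(data)
    entropy = {name.decode("latin-1"): shannon_entropy(raw) for name, raw in sections}
    return {
        "upx_section_names": any(name in UPX_SECTION_NAMES for name, _ in sections),
        "upx_magic": UPX_MAGIC in data,
        "high_entropy_section": any(e >= HIGH_ENTROPY_THRESHOLD for e in entropy.values()),
        "section_entropy": entropy,
    }


def classify(data: bytes) -> str:
    """'upx' on stock-UPX artefacts, 'packed-unknown' on entropy alone, else 'unpacked'."""
    ind = upx_indicators(data)
    if ind["upx_section_names"] or ind["upx_magic"]:
        return "upx"
    if ind["high_entropy_section"]:
        return "packed-unknown"   # e.g. modified UPX with section names and magic stripped
    return "unpacked"


def build_pe(sections: list[tuple[bytes, bytes]], trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32 image for exercising the parser (not loadable)."""
    n = len(sections)
    opt_size = 0xE0                          # size of a PE32 optional header, left zeroed
    raw_ptr = 0x40 + 4 + 20 + opt_size + 40 * n
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x102)
    table, raws = b"", b""
    for name, raw in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", len(raw), 0x1000, len(raw), raw_ptr) + b"\0" * 16
        raws += raw
        raw_ptr += len(raw)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table + raws + trailer


# Constructed samples for this example (not the sample from this report).
HIGH_ENTROPY = bytes(range(256)) * 8             # exactly 8.0 bits/byte
LOW_ENTROPY = b"\x90" * 1024 + b"\xC3" * 64
STOCK_UPX_SAMPLE = build_pe([(b"UPX0", b""), (b"UPX1", HIGH_ENTROPY), (b".rsrc", LOW_ENTROPY)], trailer=UPX_MAGIC)
MODIFIED_UPX_SAMPLE = build_pe([(b".text", HIGH_ENTROPY), (b".data", LOW_ENTROPY)])
PLAIN_SAMPLE = build_pe([(b".text", LOW_ENTROPY), (b".data", LOW_ENTROPY)])

if __name__ == "__main__":
    for label, blob in [("stock", STOCK_UPX_SAMPLE), ("modified", MODIFIED_UPX_SAMPLE), ("plain", PLAIN_SAMPLE)]:
        print(label, classify(blob), upx_indicators(blob)["section_entropy"])
```

On a real file, `classify(open(path, "rb").read())` is the whole call. The entropy fallback is deliberately reported as `packed-unknown` rather than `upx`: high entropy says only that the file body is compressed or encrypted, and a modified UPX is indistinguishable from any other packer by this check alone.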

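The behavioural signatures in the list above (firewall modification, executing a dropped EXE, Run-key persistence, the WinMonFS driver, dropping into System32) map directly onto host telemetry. The following is an added example, not the sandbox's own signature engine: it replays constructed Sysmon-style events (process creation, file creation, registry value set, driver load) through simple rules that emit the signature names used on this page. The events, file names and command line are made up for the example; matching the WinMonFS signature purely on the driver/service name is an assumption, since the page does not say how the sandbox detects it.

```python
import re

# Constructed Sysmon-style events (as they would come out of an EVTX/JSON export).
# EventID 1 = ProcessCreate, 6 = DriverLoad, 11 = FileCreate, 13 = RegistryEvent (value set).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\user\Desktop\sample.exe", "CommandLine": "dropped.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "CommandLine": r'netsh advfirewall firewall add rule name="dropped" dir=in action=allow '
                    r'program="C:\Users\user\AppData\Local\Temp\dropped.exe"'},
    {"EventID": 11, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\WinMonFS.sys"},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\System32\drivers\WinMonFS.sys", "Signed": "false"},
]

# Constructed benign activity that must not trigger anything.
BENIGN_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe", "CommandLine": "explorer.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{guid}\DhcpIPAddress",
     "Details": "10.0.0.5"},
]

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
FIREWALL_POLICY_RE = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
NETSH_FIREWALL_RE = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.I)
WINMONFS_RE = re.compile(r"winmonfs", re.I)       # assumption: match on the driver/service name
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def triage(events) -> set:
    """Return the set of signature names (as worded on this page) that the events trigger."""
    fired = set()
    dropped = set()   # lower-cased paths of files created earlier in the trace
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            path = ev["TargetFilename"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32_PREFIX):
                fired.add("Drops file in System32 directory")
        elif eid == 1:
            image = ev["Image"].lower()
            # Correlation: the process image is a file this same trace saw being created.
            if image.endswith(".exe") and image in dropped:
                fired.add("Executes dropped EXE")
            if NETSH_FIREWALL_RE.search(ev.get("CommandLine", "")):
                fired.add("Modifies Windows Firewall")
        elif eid == 13:
            target = ev["TargetObject"]
            if RUN_KEY_RE.search(target):
                fired.add("Adds Run key to start application")
            if FIREWALL_POLICY_RE.search(target):   # direct rule write, bypassing netsh
                fired.add("Modifies Windows Firewall")
            if "\\services\\" in target.lower() and WINMONFS_RE.search(target):
                fired.add("Manipulates WinMonFS driver")
        elif eid == 6:
            if WINMONFS_RE.search(ev.get("ImageLoaded", "")):
                fired.add("Manipulates WinMonFS driver")
    return fired


if __name__ == "__main__":
    for name in sorted(triage(SAMPLE_EVENTS)):
        print("[+]", name)
    print("benign trace:", triage(BENIGN_EVENTS) or "nothing fired")
```

The one rule that carries state is "Executes dropped EXE": it only fires when the process image was seen being written earlier in the same trace, which is what separates a dropped payload from any ordinary process start. The firewall rule is matched two ways because the registry write under FirewallPolicy is what remains visible if the sample sets the rule through the API instead of spawning netsh.
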
MITRE ATT&CK Enterprise v15

Tasks