General

  • Target

    db29c045e98c042da7c2bd9f3fc240dabdd27d1eb0cc5f117d9664f1277f7812

  • Size

    4.2MB

  • Sample

    240417-3fqhnsaf7w

  • MD5

    c7f056852aa49b797b0abf9f7f579274

  • SHA1

    772a3e136cfd259698fc4b07deb53eead3dbfcf8

  • SHA256

    db29c045e98c042da7c2bd9f3fc240dabdd27d1eb0cc5f117d9664f1277f7812

  • SHA512

    62c03e080d7e537a26aa166d4e00e20f5d766155d7cc2432a6cfa2f4580feeae13513d686fbdec5bcdcfbfd1daf28aec6a3736d8121b547c6805da54cd2af401

  • SSDEEP

    98304:qkZ2HRjDxUqNRSWw/fdG0ya8lhbNKCN+OMuHRmn++CozeYuDi:rZ2x3CqNcHdGTLNp+F+8elDi

Targets

    • Glupteba

      Glupteba is a modular malware loader written in Go that is made up of several separate components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate the software installed on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide directories and files from detection.

    • Drops file in System32 directory
