General

  • Target

    26f72f6c1006db52868801b6d640add7c8e33c6c619be692f3ba4ca7886d7235

  • Size

    4.2MB

  • Sample

    240417-p41fwshe6t

  • MD5

    519eaf44400ae8e6d1446b5f17c23cbe

  • SHA1

    7b84cd04b2245035afccbe7b9e772ad9a41e3874

  • SHA256

    26f72f6c1006db52868801b6d640add7c8e33c6c619be692f3ba4ca7886d7235

  • SHA512

    d3ca833f20303cc6287dbb014b45d70bf8043b4a6913cf8b7d69dccd0b299edbf2d6a47582966c2f8094e0e39822f4596c17f0f60804b7f369dfbba3dbafa5ba

  • SSDEEP

    98304:XwgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxbliX:IPIhkJiF6OSCTez0RwjGiZklc

Malware Config

Targets

    • Target

      26f72f6c1006db52868801b6d640add7c8e33c6c619be692f3ba4ca7886d7235

    • Size

      4.2MB

    • MD5

      519eaf44400ae8e6d1446b5f17c23cbe

    • SHA1

      7b84cd04b2245035afccbe7b9e772ad9a41e3874

    • SHA256

      26f72f6c1006db52868801b6d640add7c8e33c6c619be692f3ba4ca7886d7235

    • SHA512

      d3ca833f20303cc6287dbb014b45d70bf8043b4a6913cf8b7d69dccd0b299edbf2d6a47582966c2f8094e0e39822f4596c17f0f60804b7f369dfbba3dbafa5ba

    • SSDEEP

      98304:XwgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxbliX:IPIhkJiF6OSCTez0RwjGiZklc

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories and files from detection.

    • Drops file in System32 directory
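
The "UPX packed file" signature above is worth being able to reproduce by hand, since the sample itself is not on this page. The following Python script is an added example, not the sandbox's own signature logic: it parses the PE section table, flags the stock UPX section names and the "UPX!" pack-header magic, and falls back to a layout heuristic (an empty first section that serves as the unpack destination, followed by a populated one) for UPX builds with renamed sections; the heuristic is a general property of UPX output assumed here, not something the report states. `hashes()` recomputes the four digests listed in the General section so a local copy can be matched against the report. `build_test_pe` constructs a minimal PE32 image purely for testing; it is not the analysed file.

```python
"""UPX triage helper: section-name, magic and layout checks plus hash recomputation.
Added example; not the sandbox's own signature logic. The PE produced by
build_test_pe() is constructed test data, not the sample from the report."""
import hashlib
import struct
import sys

# Section names emitted by stock UPX (the .UPX* forms appear on some builds).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1", b".UPX2"}
# Four-byte magic of the UPX pack header; modified UPX variants often strip it.
UPX_MAGIC = b"UPX!"


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 hex digests, for comparison with the report."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def pe_sections(data: bytes) -> list:
    """Return (name, virtual_size, raw_size, characteristics) per section header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size               # first IMAGE_SECTION_HEADER
    out = []
    for i in range(num_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, raw_size = struct.unpack_from("<III", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        out.append((name, vsize, raw_size, chars))
    return out


def detect_upx(data: bytes) -> dict:
    """Classify a PE as UPX-packed, suspected modified UPX, or neither."""
    sections = pe_sections(data)
    indicators = []
    hits = [s[0].decode("ascii", "replace") for s in sections
            if s[0] in UPX_SECTION_NAMES]
    if hits:
        indicators.append("UPX section names: " + ", ".join(hits))
    magic = UPX_MAGIC in data
    if magic:
        indicators.append("UPX! pack-header magic present")
    # Layout UPX uses regardless of section names (assumed general property):
    # the first section has no raw data (it is the unpack destination) and the
    # next one carries the compressed image. Heuristic only, so it yields a
    # separate "suspected" verdict rather than a firm one.
    layout = (len(sections) >= 2 and sections[0][2] == 0
              and sections[0][1] >= 0x1000 and sections[1][2] > 0)
    if layout:
        indicators.append("empty first section followed by populated section")
    return {
        "upx": bool(hits) or magic,
        "suspected_modified_upx": layout and not (hits or magic),
        "indicators": indicators,
        "sections": [(s[0].decode("ascii", "replace"), s[1], s[2]) for s in sections],
    }


def build_test_pe(sections, payload: bytes = b"") -> bytes:
    """Constructed minimal PE32 image for testing; sections = [(name, vsize, raw_size)]."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    opt_size = 0xE0                                            # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)                 # PE32 magic
    table = b""
    for name, vsize, raw_size in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, 0x1000, raw_size, 0x400, 0, 0, 0, 0, 0xE0000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table + payload


if __name__ == "__main__":
    # Usage: python upx_triage.py <sample.exe>; compare hashes with the report.
    blob = open(sys.argv[1], "rb").read()
    print(hashes(blob))
    print(detect_upx(blob))
```

A firm "upx" verdict needs either the stock section names or the magic; a hit on the layout heuristic alone is reported as suspected modified UPX so it can be checked against entropy or the entry-point section before being trusted.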

MITRE ATT&CK Enterprise v15

Tasks