General

  • Target

    2b158f0dbb0bcbfc4c2c3ec212574f06e6be9110080cd419f1c7c9142a011b50

  • Size

    4.2MB

  • Sample

    240417-p41rnaga46

  • MD5

    36295eae6bd245f34c34177bf2491915

  • SHA1

    aab60c6f3df543ea0611d8034d044b029179ee41

  • SHA256

    2b158f0dbb0bcbfc4c2c3ec212574f06e6be9110080cd419f1c7c9142a011b50

  • SHA512

    49db4b30aa1daebf8c20a6df3376991793e693418e0006c5b26fc32ede0beb2f7c4da83ab37d9f76e9d1305a69f80cbcb8532ad14271a4e0e2f4643af1a19074

  • SSDEEP

    98304:HwgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxblio:YPIhkJiF6OSCTez0RwjGiZkl7

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories and files from detection.

    • Drops file in System32 directory
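
The UPX packed file signature above is a static check on the PE section table. The following is an added example, not code from the sandbox or from the report, showing how that check can be reproduced by hand: it parses the section headers without any third-party module, flags the UPX0/UPX1/UPX2 section names the stock packer emits, and adds a layout heuristic (first section empty on disk but large in memory) that still fires when a modified UPX renames its sections. The build_pe() helper and the section layouts it is fed are constructed for the demonstration and are not taken from the reported sample.

```python
"""Static triage check for the 'UPX packed file' signature.

Added example, not part of the sandbox report. It walks the PE section
table by hand (no third-party modules) and reports the evidence stock or
lightly modified UPX leaves behind. build_pe() constructs a header-only
PE image purely for demonstration; it is not the reported sample.
"""
import struct

# Section names emitted by the stock UPX packer.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}


def sections(data: bytes):
    """Return [(name, VirtualSize, SizeOfRawData), ...] from a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    count = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # first IMAGE_SECTION_HEADER
    out = []
    for i in range(count):
        off = table + i * 40
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _va, rsize = struct.unpack_from("<III", data, off + 8)
        out.append((name, vsize, rsize))
    return out


def upx_indicators(data: bytes):
    """Human-readable evidence of UPX packing; an empty list means none."""
    secs = sections(data)
    hits = [f"section named {n.decode('ascii', 'replace')}"
            for n, _, _ in secs if n in UPX_SECTION_NAMES]
    # Stock UPX layout: the first section is empty on disk but reserves the
    # unpacked image in memory. A modified UPX that renames sections still
    # keeps this shape, so this catches what the name check misses.
    if secs and secs[0][2] == 0 and secs[0][1] > 0:
        hits.append("first section has SizeOfRawData 0 but non-zero VirtualSize")
    return hits


def looks_upx_packed(data: bytes) -> bool:
    return bool(upx_indicators(data))


def build_pe(section_specs):
    """Construct a header-only PE32 image for the demo (not real code)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: right after DOS header
    optional = bytes(224)                     # zeroed PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0,
                       len(optional), 0x0102)
    table = b""
    va = 0x1000
    for name, vsize, rsize in section_specs:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize,
                             0x400, 0, 0, 0, 0, 0x60000020)
        va += (vsize + 0xFFF) & ~0xFFF
    return bytes(dos) + b"PE\0\0" + coff + optional + table


if __name__ == "__main__":
    packed = build_pe([(b"UPX0", 0x30000, 0), (b"UPX1", 0x12000, 0x11A00),
                       (b"UPX2", 0x1000, 0x200)])
    clean = build_pe([(b".text", 0x5000, 0x5000), (b".rdata", 0x2000, 0x2000)])
    for label, img in (("packed", packed), ("clean", clean)):
        print(label, upx_indicators(img))
```

Run it against a real file with `upx_indicators(open(path, "rb").read())`. The name check alone is trivial to evade with a hex editor, which is why the layout heuristic is kept alongside it; neither says anything about what the unpacked payload does, so a hit here is a reason to unpack and look further, not a verdict.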

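The remaining signatures under Targets (firewall modification, dropped EXE execution, the Run key, Uninstall key enumeration, the WinMonFS write and the System32 drop) are behavioural, so they are matched against an API trace rather than the file. The block below is an added example, not the sandbox's own rule engine, showing one way to express those six signatures as rules over such a trace. The trace itself is constructed for the demonstration: the field names, the file and registry paths, the process id and the `\\.\WinMonFS` device name are all assumptions for the demo and were not observed from the sample.

```python
"""Behavioural matching for the signatures listed under Targets.

Added example, not part of the sandbox report. The trace below is a
constructed, simplified API log (one dict per call) modelled on what a
sandbox or Sysmon would record for a Glupteba-like loader; the field
names, file paths, registry paths and the \\.\WinMonFS device name are
assumptions made for the demo, not values observed from the sample.
"""
import re

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.IGNORECASE)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
FIREWALL_KEY = re.compile(r"\\FirewallPolicy\\", re.IGNORECASE)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
WINMONFS = re.compile(r"WinMonFS", re.IGNORECASE)


def detect(events):
    """Return the set of report-style signature names the trace triggers."""
    hits = set()
    dropped = set()          # .exe paths this trace wrote, lower-cased
    for ev in events:
        op = ev["op"]
        if op == "CreateFile" and ev.get("write"):
            path = ev["path"]
            if path.lower().endswith(".exe"):
                dropped.add(path.lower())
            if SYSTEM32.match(path):
                hits.add("Drops file in System32 directory")
        elif op == "WriteFile" and WINMONFS.search(ev["path"]):
            # A user-mode write to the WinMonFS device is how the rootkit
            # component is told which paths to hide.
            hits.add("Manipulates WinMonFS driver")
        elif op == "CreateProcess":
            # Only counts as "dropped" if this same trace wrote the file first.
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
            cmd = ev.get("cmdline", "").lower()
            if "netsh" in cmd and "firewall" in cmd:
                hits.add("Modifies Windows Firewall")
        elif op == "RegSetValue":
            if RUN_KEY.search(ev["key"]):
                hits.add("Adds Run key to start application")
            if FIREWALL_KEY.search(ev["key"]):
                hits.add("Modifies Windows Firewall")
        elif op in ("RegOpenKey", "RegEnumKey", "RegQueryValue"):
            if UNINSTALL_KEY.search(ev["key"]):
                hits.add("Checks installed software on the system")
    return hits


# Constructed trace of one loader process (pid 1240); not real sample data.
TRACE = [
    {"op": "CreateFile", "pid": 1240, "write": True,
     "path": r"C:\Windows\System32\winupd.dll"},
    {"op": "WriteFile", "pid": 1240, "path": r"\\.\WinMonFS", "size": 64},
    {"op": "RegSetValue", "pid": 1240,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate"},
    {"op": "RegEnumKey", "pid": 1240,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "CreateFile", "pid": 1240, "write": True,
     "path": r"C:\Users\Public\svc.exe"},
    {"op": "CreateProcess", "pid": 1240, "image": r"C:\Users\Public\svc.exe",
     "cmdline": r"C:\Users\Public\svc.exe"},
    {"op": "CreateProcess", "pid": 1240, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="svc" dir=in '
                'action=allow program="C:\\Users\\Public\\svc.exe"'},
]

# Constructed benign trace: an installer reading its config, logging to %TEMP%.
BENIGN = [
    {"op": "CreateFile", "pid": 2210, "write": True,
     "path": r"C:\Users\alice\AppData\Local\Temp\setup.log"},
    {"op": "RegQueryValue", "pid": 2210,
     "key": r"HKCU\Software\Vendor\App\InstallDir"},
]

if __name__ == "__main__":
    for name in sorted(detect(TRACE)):
        print("HIT", name)
    print("benign:", detect(BENIGN) or "no signatures")
```

Two of these rules deserve a caveat when reused for hunting: a registry read of the Uninstall key is something Sysmon does not log at all (only a sandbox API trace sees it), and "Executes dropped EXE" is keyed on a file write followed by a process launch within the same trace, so it will miss a payload that is written by one process and started by another unless the trace covers both.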
MITRE ATT&CK Enterprise v15

Tasks