General

  • Target

    07270bab16055d1e81979513acc2b260396435be75c1ea83d068135d33fd1f89

  • Size

    4.2MB

  • Sample

    240417-p45evahe7v

  • MD5

    76e60e94332cc2170e2671b684e5e9cd

  • SHA1

    c6bb992ab018290e3fc87db58d6a86198e3c434d

  • SHA256

    07270bab16055d1e81979513acc2b260396435be75c1ea83d068135d33fd1f89

  • SHA512

    e2bb67ec1d9eb3a62ca77eb55acafd66103e05d85897a91a6938c732e629e40f1d2cf31e67684326ecb51c3e22d43237a9836f00454bd47634651016059ad58c

  • SSDEEP

    98304:3wgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxbliJ:oPIhkJiF6OSCTez0RwjGiZkl6

Malware Config

Targets

    • Target

      07270bab16055d1e81979513acc2b260396435be75c1ea83d068135d33fd1f89

    • Size

      4.2MB

    • MD5

      76e60e94332cc2170e2671b684e5e9cd

    • SHA1

      c6bb992ab018290e3fc87db58d6a86198e3c434d

    • SHA256

      07270bab16055d1e81979513acc2b260396435be75c1ea83d068135d33fd1f89

    • SHA512

      e2bb67ec1d9eb3a62ca77eb55acafd66103e05d85897a91a6938c732e629e40f1d2cf31e67684326ecb51c3e22d43237a9836f00454bd47634651016059ad58c

    • SSDEEP

      98304:3wgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxbliJ:oPIhkJiF6OSCTez0RwjGiZkl6

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks