General

  • Target

    d0bdf3d90218c0a8b66109f4b0a9170f5b04d9c503d6681e690bfe19adfc787e

  • Size

    4.2MB

  • Sample

    240417-p4cd3afh92

  • MD5

    d4e44956a9f0e832d9bed156f18f985a

  • SHA1

    0486acc1f7e0f8535d13e483761ea2cee9b95c16

  • SHA256

    d0bdf3d90218c0a8b66109f4b0a9170f5b04d9c503d6681e690bfe19adfc787e

  • SHA512

    9dbe62f2d3bc1f10114c9ee577dc5663968e50d8e0a435087cd29dab4d4b52594b92b89ee08d200533dd658f13b44bf49178b3bd22e3e2462bbaaa2642f75fde

  • SSDEEP

    98304:/wgJ0K+PIdMx0kJiFtsOSoRTiNy5FTeRdH/jgRnLKd+iGCp3lZyxxbliG:APIhkJiF6OSCTez0RwjGiZklx

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
