General

  • Target

    85d9fb85e3bd205c6b78ea6ef41a4bc6590d853012d75cae888c896b9cb71b92

  • Size

    4.2MB

  • Sample

    240417-s2nk4aeb88

  • MD5

    cf03a9206556110032e9aec6987fbbaf

  • SHA1

    33f74cdfbbfc007ee40383862887121ac04e9a0e

  • SHA256

    85d9fb85e3bd205c6b78ea6ef41a4bc6590d853012d75cae888c896b9cb71b92

  • SHA512

    80b06f249907a3014e5644a691a6c4ba6922e7179a8d8246b5e8f77367d34b4e798febbefe04deaee56aabf95fdebdc8831380f746ad8a5de45df68f84eca8d2

  • SSDEEP

    98304:LLVbjn5QXbYqWv3ncm0WhzzpB76eQWY7QAi:LRxMbhu1zzpBZQWY7QAi

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
