General

  • Target

    ff3b0e72081c71743ef3863b05132631ca141fc38b96d04eed09074ae0a71716

  • Size

    4.2MB

  • Sample

    240417-skab5sde29

  • MD5

    5f77ab86dc3f8d2a9ba198b89b66ed52

  • SHA1

    650682eb46879757dba13c8e290ae9f775fb0801

  • SHA256

    ff3b0e72081c71743ef3863b05132631ca141fc38b96d04eed09074ae0a71716

  • SHA512

    2c2d0f36c6c3d40d2a969b2da07c666a84a39d034067a0daccde1a2f527b7da7ef81e39892e6562d21ce778183a18542e3d706b14f9fc24ffc5472cf72e2bb97

  • SSDEEP

    49152:LMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPiZ:IHFCy0PUDbdaR/a+iGqhn/GsxbuoAZ

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks