General

  • Target

    46af2657db6af2ca1d034de8ef495598cb3ae04b699e18d12e1a86068007be35

  • Size

    4.2MB

  • Sample

    240417-smrn7sdf29

  • MD5

    cb9218378fdf4bcc04ac80684a944b6a

  • SHA1

    104e20155585e426ab6d018fcfa635426fa7e8cf

  • SHA256

    46af2657db6af2ca1d034de8ef495598cb3ae04b699e18d12e1a86068007be35

  • SHA512

    42370a06df8dd54b68d7ab35d2d0af78b18e5fbcd153db3675c30d2777f6a87b6a2a3a0bf302fc5230c557f3edc502b77ac60bdf12be034aaeb42ffee9161d27

  • SSDEEP

    49152:rMHICC+QSI60PU9JxQmCyuoNbdaRjKWhg6Fgwtw907GqxUhn/2B3sxVJ7i+NBPiE:oHFCy0PUDbdaR/a+iGqhn/GsxbuoAE

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks