General

  • Target

    77b6b2763da9a1a9cf0f5b6a8a8c6b7d0224c32ac1b47cdf990851048e97b9fc

  • Size

    4.2MB

  • Sample

    240417-sp11nafb6s

  • MD5

    5357755ed41b382ca0386264a806d192

  • SHA1

    f4dbf8950430ddc9b3168aeab29d5108e754af52

  • SHA256

    77b6b2763da9a1a9cf0f5b6a8a8c6b7d0224c32ac1b47cdf990851048e97b9fc

  • SHA512

    10b0530069250cbb1bc02b48a2bcdb4f997033c009b49e837a8995c138d62e9dfe18cefe53723fb073516668c78c3b33b3b4efe771b92776319bd445241436be

  • SSDEEP

    98304:8woxqRNHtYTbrnnqfLVkrWMdzx639PKF8Qx/:HXR9tYTb7qxEbNx6NSx/

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks