General

  • Target

    357ec866e92ba8335bac81c317eba879eb5c8f9b7f0fe9965fd6badd7e939c5e

  • Size

    4.2MB

  • Sample

    240417-spvhwafb5x

  • MD5

    442557b16ef520b4da1275f14f562a6d

  • SHA1

    c3156a7e6758711895c4391b177f548203a3475d

  • SHA256

    357ec866e92ba8335bac81c317eba879eb5c8f9b7f0fe9965fd6badd7e939c5e

  • SHA512

    36f880b1e0c799f19a3c729e1c46da67f5c7b1e7db28facb38de1e5454d712cec2b80f2bbf202e7d7df954cbe575eb28e496f37f3d99a1011ee7d0bab43b6f67

  • SSDEEP

    98304:MwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8QxQ:3XR9tYTb7qxEbNx6NSxQ

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks