General

  • Target

    a46a4875647ad11df54417244d1e2079ecc5f69a40ccad854e715c94eae359be

  • Size

    4.2MB

  • Sample

    240417-sqeh2sfb7w

  • MD5

    c9683b17247b9be94d60de17bb0b1019

  • SHA1

    2c59262db072e3e43a8f22716fdf13544cb48e11

  • SHA256

    a46a4875647ad11df54417244d1e2079ecc5f69a40ccad854e715c94eae359be

  • SHA512

    506534f193d6d2bfc38e0e057738cd29749eed648b6d5fecb13f87c14d88ba1c70b9ab751306be8a8ce951149c22640791bb3e08947c30fb70e6584a8ea22fb0

  • SSDEEP

    98304:EwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8Qxxu:fXR9tYTb7qxEbNx6NSxM

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks