General

  • Target

    c27bd9c17c3da43e09edad6a51db6edd389092a9d545f80c7e89b6d0f2e5ed8b

  • Size

    4.2MB

  • Sample

    240417-sqwsbsfb9v

  • MD5

    bb8d8820454b039ece24f9d851f0686e

  • SHA1

    77528227f91125f86ed2b0c58ae055b334d8b8c4

  • SHA256

    c27bd9c17c3da43e09edad6a51db6edd389092a9d545f80c7e89b6d0f2e5ed8b

  • SHA512

    0c71c66f6a9b2fd2756756afbd8601270b01e57323f481e6de84f1a2ec1c1d0028236d35f20d0836ade06e6d6d853ac9e40cc0365c66de63c1f8166ce0c41340

  • SSDEEP

    98304:UwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8Qxq:PXR9tYTb7qxEbNx6NSxq

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall).

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide directories and files from detection.

    • Drops file in System32 directory
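The file identifiers in this report and the UPX signature can both be checked on a local copy before the file is detonated anywhere. The Python below is an added example written for this page, not code from the sandbox or from Glupteba: it hashes the file and compares the digests with the report's MD5, SHA1, SHA256 and SHA512, then parses the PE section table by hand and applies a UPX heuristic that does not depend on the UPX0/UPX1 section names, since a modified UPX build commonly renames them. build_fake_pe and the section layouts it produces are constructed test fixtures, not the sample.

```python
import hashlib
import struct

# Hashes copied from the report above; used to confirm that a local copy is the
# same file before it is handled any further.
REPORT_HASHES = {
    "md5": "bb8d8820454b039ece24f9d851f0686e",
    "sha1": "77528227f91125f86ed2b0c58ae055b334d8b8c4",
    "sha256": "c27bd9c17c3da43e09edad6a51db6edd389092a9d545f80c7e89b6d0f2e5ed8b",
    "sha512": "0c71c66f6a9b2fd2756756afbd8601270b01e57323f481e6de84f1a2ec1c1d0028236d35f20d0836ade06e6d6d853ac9e40cc0365c66de63c1f8166ce0c41340",
}


def hash_bytes(data):
    """Return hex digests for the four hash types the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data, expected=REPORT_HASHES):
    """True only if every listed digest matches; one mismatch means a different file."""
    actual = hash_bytes(data)
    return all(actual[name] == value for name, value in expected.items())


def pe_sections(data):
    """Parse the PE section table; returns [(name, virtual_size, raw_size), ...]."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional       # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + i * 40)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections


def looks_upx_packed(data):
    """UPX heuristic. Stock section names or the 'UPX!' marker catch an unmodified
    UPX; a first section with no raw data but a large virtual size (the region the
    stub unpacks into) also catches builds that renamed the sections."""
    sections = pe_sections(data)
    names = {s[0] for s in sections}
    if names & {"UPX0", "UPX1", "UPX2"}:
        return True
    if b"UPX!" in data[:4096]:
        return True
    if sections and sections[0][2] == 0 and sections[0][1] >= 0x1000:
        return True
    return False


def build_fake_pe(section_names, first_raw_size):
    """Constructed minimal PE image used as a test fixture (not the sample):
    DOS header, PE signature, COFF header with an empty optional header, section table."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b""
    for i, name in enumerate(section_names):
        raw = first_raw_size if i == 0 else 0x1000
        table += struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1), raw,
                             0x400 * (i + 1), 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + table


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    print("matches report:", matches_report(blob))
    for name, vsize, rsize in pe_sections(blob):
        print(f"{name:8s} vsize=0x{vsize:x} raw=0x{rsize:x}")
    print("looks UPX packed:", looks_upx_packed(blob))
```

Run it as `python check_sample.py <file>` on the downloaded copy. The zero-raw-size rule is a heuristic, so treat a hit as a reason to unpack and look closer rather than as proof of UPX.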
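The behavioural signatures above (Run key persistence, firewall changes, the WinMonFS driver, files dropped into System32 and then executed) are the ones a detection engineer would want to reproduce from host telemetry. The Python below is an added example written for this page, not code from the sandbox: it runs simple rules over a constructed list of Sysmon-style events (event IDs 1, 6, 11 and 13) and reports how many events match each signature name. The event contents, file paths and the value name under Run are constructed for the example and are not taken from the sample; the Uninstall-key enumeration is left out because Sysmon records registry writes, not reads.

```python
import re

# Constructed Sysmon-style events standing in for a sandbox behaviour log.
# Example data written for this page; none of these paths or names come from the sample.
EVENTS = [
    {"event_id": 1, "Image": r"C:\Users\analyst\Desktop\sample.exe",
     "CommandLine": r"C:\Users\analyst\Desktop\sample.exe"},
    {"event_id": 11, "Image": r"C:\Users\analyst\Desktop\sample.exe",
     "TargetFilename": r"C:\Windows\System32\helper.exe"},
    {"event_id": 11, "Image": r"C:\Users\analyst\Desktop\sample.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\WinMonFS.sys"},
    {"event_id": 13, "Image": r"C:\Users\analyst\Desktop\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\helper",
     "Details": r"C:\Windows\System32\helper.exe"},
    {"event_id": 6, "ImageLoaded": r"C:\Windows\System32\drivers\WinMonFS.sys"},
    {"event_id": 1, "Image": r"C:\Windows\System32\helper.exe",
     "CommandLine": r"C:\Windows\System32\helper.exe"},
    {"event_id": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r'netsh advfirewall firewall add rule name="helper" dir=in action=allow program="C:\Windows\System32\helper.exe"'},
    # Benign noise that the rules must not match.
    {"event_id": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "1"},
    {"event_id": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
FIREWALL_CMD = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"


def run_key_persistence(events):
    """Sysmon 13 (RegistryValueSet) under a Run or RunOnce key."""
    return [e for e in events if e["event_id"] == 13 and RUN_KEY.search(e.get("TargetObject", ""))]


def firewall_changes(events):
    """Sysmon 1 (ProcessCreate) where netsh is driven with firewall arguments."""
    return [e for e in events if e["event_id"] == 1 and FIREWALL_CMD.search(e.get("CommandLine", ""))]


def winmonfs_driver(events):
    """Sysmon 6 (DriverLoad) naming WinMonFS. The driver name is the one in the
    report's signature; the path layout is this example's assumption."""
    return [e for e in events if e["event_id"] == 6 and "winmonfs" in e.get("ImageLoaded", "").lower()]


def system32_drops(events):
    """Sysmon 11 (FileCreate) anywhere below the System32 directory."""
    return [e for e in events if e["event_id"] == 11
            and e.get("TargetFilename", "").lower().startswith(SYSTEM32)]


def dropped_then_executed(events):
    """Pair each FileCreate of an .exe with a later ProcessCreate of that same path,
    using list position as the time order."""
    created = {}
    hits = []
    for i, e in enumerate(events):
        if e["event_id"] == 11 and e.get("TargetFilename", "").lower().endswith(".exe"):
            created.setdefault(e["TargetFilename"].lower(), i)
        elif e["event_id"] == 1:
            image = e.get("Image", "").lower()
            if image in created and created[image] < i:
                hits.append((events[created[image]], e))
    return hits


def triage(events):
    """Count matching events per signature name, using the names this report uses."""
    return {
        "Adds Run key to start application": len(run_key_persistence(events)),
        "Modifies Windows Firewall": len(firewall_changes(events)),
        "Manipulates WinMonFS driver": len(winmonfs_driver(events)),
        "Drops file in System32 directory": len(system32_drops(events)),
        "Executes dropped EXE": len(dropped_then_executed(events)),
    }


if __name__ == "__main__":
    for signature, count in triage(EVENTS).items():
        print(f"{count:2d}  {signature}")
```

The drop-then-execute pairing is the rule worth keeping: a single FileCreate in System32 is common for installers, while the same path appearing later as a new process image from a non-installer parent is what the "Executes dropped EXE" signature is really about.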
