General

  • Target

    eb65adc03302d0d07c6dc793bc8ee0ceb0e134fea724fa37b1b39dfef9d93ec7

  • Size

    4.2MB

  • Sample

    240417-srtpcsfc3x

  • MD5

    21d6332251f1e32d8a4791cd5a0933e8

  • SHA1

    f59c0a18e6e156ef7756ae65daea6bf914960840

  • SHA256

    eb65adc03302d0d07c6dc793bc8ee0ceb0e134fea724fa37b1b39dfef9d93ec7

  • SHA512

    8328d43c35f18c1ba8737a585a04620afaae513a1fce0099c7abce8fb8cbae34afb3e1e3f30fa7981f0fc76c819140c4d5e08fd555c72e599b27adf8c6482054

  • SSDEEP

    98304:cwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8QxB:nXR9tYTb7qxEbNx6NSxB

Malware Config

Targets

    • Target

      eb65adc03302d0d07c6dc793bc8ee0ceb0e134fea724fa37b1b39dfef9d93ec7

    • Size

      4.2MB

    • MD5

      21d6332251f1e32d8a4791cd5a0933e8

    • SHA1

      f59c0a18e6e156ef7756ae65daea6bf914960840

    • SHA256

      eb65adc03302d0d07c6dc793bc8ee0ceb0e134fea724fa37b1b39dfef9d93ec7

    • SHA512

      8328d43c35f18c1ba8737a585a04620afaae513a1fce0099c7abce8fb8cbae34afb3e1e3f30fa7981f0fc76c819140c4d5e08fd555c72e599b27adf8c6482054

    • SSDEEP

      98304:cwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8QxB:nXR9tYTb7qxEbNx6NSxB

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks