General

  • Target

    dbc9626accf372487454b8e436f2f4fd448c6f81e7a22411c7712c9c46ad4976

  • Size

    4.2MB

  • Sample

    240417-ssmbnsdg79

  • MD5

    3aac9be9b6bea33ea55e27d4dbd955f3

  • SHA1

    796aeecd2008a1784978f414298d4057b03ceb46

  • SHA256

    dbc9626accf372487454b8e436f2f4fd448c6f81e7a22411c7712c9c46ad4976

  • SHA512

    3232d210d19d59afa2b7d10f5a8572fda20251e858baf1b9b9d504ca6d5c2094172b208646bd92a5a310a0be7a00209a3e978eee5f4cd35154aac71a7825ad9d

  • SSDEEP

    98304:cwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8Qxe:nXR9tYTb7qxEbNx6NSxe

Malware Config

Targets

    • Target

      dbc9626accf372487454b8e436f2f4fd448c6f81e7a22411c7712c9c46ad4976

    • Size

      4.2MB

    • MD5

      3aac9be9b6bea33ea55e27d4dbd955f3

    • SHA1

      796aeecd2008a1784978f414298d4057b03ceb46

    • SHA256

      dbc9626accf372487454b8e436f2f4fd448c6f81e7a22411c7712c9c46ad4976

    • SHA512

      3232d210d19d59afa2b7d10f5a8572fda20251e858baf1b9b9d504ca6d5c2094172b208646bd92a5a310a0be7a00209a3e978eee5f4cd35154aac71a7825ad9d

    • SSDEEP

      98304:cwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8Qxe:nXR9tYTb7qxEbNx6NSxe

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks