General

  • Target

    3591ed61eb36d0baa6c5cbb6e6bea7b5c7b03a68436a5e75ae8d0b0e11e11867

  • Size

    4.2MB

  • Sample

    240417-sspf2afc6t

  • MD5

    ee2b6f482055fb4fd19babab73d53ada

  • SHA1

    761f91a84566d0ff1aabed722ac70d84d8029c8b

  • SHA256

    3591ed61eb36d0baa6c5cbb6e6bea7b5c7b03a68436a5e75ae8d0b0e11e11867

  • SHA512

    5fb9e192aa8f176c2348790a1245b6ac095903f45443835cd3f8049ee76b20c30ae80c539d1eded63a311a1759a31806446abe609b4d3d30c4b9293484989fe9

  • SSDEEP

    98304:UwoxqRNHtYTbrnnqfLVkrWMdzx639PKF8QxZ:PXR9tYTb7qxEbNx6NSxZ

Malware Config

Targets

    • Target

      3591ed61eb36d0baa6c5cbb6e6bea7b5c7b03a68436a5e75ae8d0b0e11e11867

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified build of it (section names are often renamed in modified builds, so the match also relies on the compressed-section layout).

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS device to hide directories and files from enumeration.

    • Drops file in System32 directory
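A static check for the "UPX packed file" signature above, as an added example (not code from the sandbox or from this report): it walks the PE section table by hand and fires on the UPX0/UPX1/UPX2 section names that stock UPX writes, and separately on any section whose byte entropy is close to 8 bits, which is what still catches a modified UPX build that has renamed its sections. The PE images it inspects are constructed in memory for the demonstration and are not the analysed sample; on a real file the same functions take open(path, "rb").read().

```python
import math
import random
import struct

# Section names the stock UPX packer writes into the PE section table.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; a compressed section sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return [(name, raw_bytes)] without relying on a PE library."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsec):
        # IMAGE_SECTION_HEADER is 40 bytes: 8-byte name, six DWORDs, two WORDs, one DWORD
        name, _vsize, _va, raw_size, raw_ptr, *_ = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""))
    return sections


def upx_indicators(pe: bytes, entropy_threshold: float = 7.0):
    """Return the indicators that fire, in a fixed order: stock section
    names, and a high-entropy (compressed) section, which still fires when
    a modified UPX build has renamed its sections."""
    sections = parse_sections(pe)
    hits = []
    if any(name in UPX_SECTION_NAMES for name, _ in sections):
        hits.append("upx_section_names")
    if any(data and shannon_entropy(data) > entropy_threshold for _, data in sections):
        hits.append("high_entropy_section")
    return hits


def build_sample_pe(layout):
    """Construct a minimal PE32 image (constructed test input, not the
    analysed sample) from [(section_name, 'empty' | 'packed' | 'plain')]."""
    rng = random.Random(0)             # deterministic stand-in for compressed bytes
    opt_size = 0xE0                    # PE32 optional header, left zeroed
    n = len(layout)
    raw_ptr = 0x40 + 4 + 20 + opt_size + 40 * n   # raw data follows the headers
    va, headers, blobs = 0x1000, [], []
    for name, kind in layout:
        if kind == "packed":
            blob = bytes(rng.getrandbits(8) for _ in range(4096))
        elif kind == "plain":
            blob = (b"plain code and strings " * 200)[:4096]
        else:                          # UPX0-style: no raw data, filled at run time
            blob = b""
        headers.append(struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                                   0x1000, va, len(blob), raw_ptr if blob else 0,
                                   0, 0, 0, 0, 0x60000020))
        blobs.append(blob)
        raw_ptr += len(blob)
        va += 0x1000
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + b"".join(headers) + b"".join(blobs)


STOCK_UPX = [("UPX0", "empty"), ("UPX1", "packed"), (".rsrc", "plain")]
RENAMED_UPX = [(".text", "empty"), (".data", "packed"), (".rsrc", "plain")]
UNPACKED = [(".text", "plain"), (".data", "plain")]

if __name__ == "__main__":
    for label, layout in (("stock UPX", STOCK_UPX), ("renamed UPX", RENAMED_UPX), ("unpacked", UNPACKED)):
        print(f"{label:12} -> {upx_indicators(build_sample_pe(layout))}")
```

The entropy threshold of 7.0 bits per byte is a working value, not a constant from the report; encrypted resources or embedded archives in an unpacked binary can cross it too, so treat the entropy indicator as supporting evidence and the section names as the strong one.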
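Detection logic for the behavioural signatures in the list above (Adds Run key, Modifies Windows Firewall, Drops file in System32, Executes dropped EXE, and the WinMonFS driver), written here as an added example over Sysmon-style events; it is not the sandbox's own signature code. The event stream is constructed for illustration and every path, rule name and value in it is invented; the driver-load rule assumes a file name containing "winmon", which is an assumption rather than something the report states. "Checks installed software" is not covered because Sysmon does not record registry reads of the Uninstall keys; that needs object-access auditing.

```python
import re
from dataclasses import dataclass


@dataclass
class Event:
    """One Sysmon-style event: 1 = process create, 6 = driver load,
    11 = file create, 13 = registry value set."""
    event_id: int
    fields: dict


RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
FIREWALL_CMD = re.compile(r"\badvfirewall\b.*\b(add rule|set)\b", re.I)
SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.I)


def detect(events):
    """Return [(signature, evidence)] in event order. File creates are
    remembered so that a later process start from the same path is
    reported as execution of a dropped EXE."""
    dropped = set()
    hits = []
    for ev in events:
        f = ev.fields
        if ev.event_id == 11:
            path = f["TargetFilename"]
            dropped.add(path.lower())
            if SYSTEM32.match(path):
                hits.append(("drops_file_in_system32", path))
        elif ev.event_id == 1:
            image, cmd = f["Image"], f.get("CommandLine", "")
            if image.lower() in dropped:
                hits.append(("executes_dropped_exe", image))
            if image.lower().endswith("\\netsh.exe") and FIREWALL_CMD.search(cmd):
                hits.append(("modifies_windows_firewall", cmd))
        elif ev.event_id == 13:
            target = f["TargetObject"]
            if RUN_KEY.search(target):
                hits.append(("adds_run_key", f"{target} = {f.get('Details', '')}"))
        elif ev.event_id == 6:
            driver = f["ImageLoaded"]
            if "winmon" in driver.lower():      # assumed name pattern, see lead-in
                hits.append(("loads_winmon_driver", driver))
    return hits


# Constructed event stream; paths, names and values are invented for illustration.
DROPPED = r"C:\Users\Public\Libraries\svc.exe"
SAMPLE_EVENTS = [
    Event(1, {"Image": r"C:\Users\victim\Downloads\sample.exe", "CommandLine": "sample.exe"}),
    Event(11, {"Image": r"C:\Users\victim\Downloads\sample.exe", "TargetFilename": DROPPED}),
    Event(11, {"Image": DROPPED, "TargetFilename": r"C:\Windows\System32\drivers\winmon.sys"}),
    Event(13, {"Image": DROPPED,
               "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc",
               "Details": DROPPED}),
    Event(1, {"Image": r"C:\Windows\System32\netsh.exe",
              "CommandLine": f'netsh advfirewall firewall add rule name="svc" dir=in '
                             f'action=allow program="{DROPPED}" enable=yes'}),
    Event(1, {"Image": DROPPED, "CommandLine": "svc.exe"}),
    Event(6, {"ImageLoaded": r"C:\Windows\System32\drivers\winmon.sys"}),
    # benign registry write under CurrentVersion that must not match the Run-key rule
    Event(13, {"Image": r"C:\Windows\explorer.exe",
               "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
               "Details": "DWORD (0x00000001)"}),
]

if __name__ == "__main__":
    for signature, evidence in detect(SAMPLE_EVENTS):
        print(f"{signature:28} {evidence}")
```

Correlating the firewall rule's program= argument and the Run key's value with the set of files the sample created is what turns three separate low-confidence events into one chain attributable to the dropped executable; in production the dropped-file set should be keyed by process tree rather than kept global, so an unrelated installer's files are not attributed to the sample.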

MITRE ATT&CK Enterprise v15

Tasks