General

  • Target

    133db22df4995aef39dc8055e10036a52c93652579f5cf7dcb181e9e0eb7cedc

  • Size

    4.2MB

  • Sample

    240417-stadhafc7y

  • MD5

    df447705a70bf9fb694d0bbadf2fcbc3

  • SHA1

    7124ab310c2a2a6911823bfe14c48ecf460ca350

  • SHA256

    133db22df4995aef39dc8055e10036a52c93652579f5cf7dcb181e9e0eb7cedc

  • SHA512

    3521c9c0c0ea286b7f00747386209ab941853a0d7c1b5928f8dd8300a67a9efd5d3fcd78be63e5caed1002f4b929a5ccc21b16614a585be2a6c821c0a54c0ef5

  • SSDEEP

    98304:0woxqRNHtYTbrnnqfLVkrWMdzx639PKF8QxZ:vXR9tYTb7qxEbNx6NSxZ

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks