General

  • Target

    2766ccfbcebcc8d898eac7116978734be31ed78c52b106f49f85bdb06cda42dd

  • Size

    4.2MB

  • Sample

    240417-yvmm4sch96

  • MD5

    281c06d82e96489cadef535194a9752f

  • SHA1

    4fadc4ab47ce8804c2e477514f9e4a66e87acf1a

  • SHA256

    2766ccfbcebcc8d898eac7116978734be31ed78c52b106f49f85bdb06cda42dd

  • SHA512

    bfbef84b8aa549bd0f1ad17086f97aae85dc6d3f721ce93671b9c3ff273976c8a8d27ae97c4c60ffc82f4721b5cd5e44edb27433b54d3ef6a75463c84bf89ee3

  • SSDEEP

    98304:ZU4Iq03aI5N3yqqHwBEspKQ2DvCGo03KUue+Tc:rIh7By/QBEsp+2hnfc

Malware Config

Targets

    • Target

      2766ccfbcebcc8d898eac7116978734be31ed78c52b106f49f85bdb06cda42dd

    • Size

      4.2MB

    • MD5

      281c06d82e96489cadef535194a9752f

    • SHA1

      4fadc4ab47ce8804c2e477514f9e4a66e87acf1a

    • SHA256

      2766ccfbcebcc8d898eac7116978734be31ed78c52b106f49f85bdb06cda42dd

    • SHA512

      bfbef84b8aa549bd0f1ad17086f97aae85dc6d3f721ce93671b9c3ff273976c8a8d27ae97c4c60ffc82f4721b5cd5e44edb27433b54d3ef6a75463c84bf89ee3

    • SSDEEP

      98304:ZU4Iq03aI5N3yqqHwBEspKQ2DvCGo03KUue+Tc:rIh7By/QBEsp+2hnfc

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks