General

  • Target

    4aae702165b25b7085abc0b21bd2321cf43beadf8655f0985c375ddf4792e88f

  • Size

    4.2MB

  • Sample

    240417-ywjylsec6s

  • MD5

    892188085eaae5fce7b7c4ec29f10955

  • SHA1

    ff88916bf6ef15b8ab5253c0166c1c77cc4c3a90

  • SHA256

    4aae702165b25b7085abc0b21bd2321cf43beadf8655f0985c375ddf4792e88f

  • SHA512

    807e907cc627c1be66a0af521449fc5a83494046133c614125b828948d4b34c102780af499e52e3d81b95ce32de8bf0b7e7ea6c3582f062adfe7ce3fd8356713

  • SSDEEP

    98304:ZU4Iq03aI5N3yqqHwBEspKQ2DvCGo03KUue+TX:rIh7By/QBEsp+2hnfX

Malware Config

Targets

    • Target

      4aae702165b25b7085abc0b21bd2321cf43beadf8655f0985c375ddf4792e88f

    • Size

      4.2MB

    • MD5

      892188085eaae5fce7b7c4ec29f10955

    • SHA1

      ff88916bf6ef15b8ab5253c0166c1c77cc4c3a90

    • SHA256

      4aae702165b25b7085abc0b21bd2321cf43beadf8655f0985c375ddf4792e88f

    • SHA512

      807e907cc627c1be66a0af521449fc5a83494046133c614125b828948d4b34c102780af499e52e3d81b95ce32de8bf0b7e7ea6c3582f062adfe7ce3fd8356713

    • SSDEEP

      98304:ZU4Iq03aI5N3yqqHwBEspKQ2DvCGo03KUue+TX:rIh7By/QBEsp+2hnfX

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks