General

  • Target

    411c7426168778f2b819a1bd2dab396068d001182fc759509a873e4aa053f092

  • Size

    4.2MB

  • Sample

    240417-yxz18ada97

  • MD5

    afef7a8d923bc94d4ae6221537f64d2b

  • SHA1

    19fd8d0bc0ddfb1c15f271cca71305992aa9b106

  • SHA256

    411c7426168778f2b819a1bd2dab396068d001182fc759509a873e4aa053f092

  • SHA512

    6ddaffec1b97906a7ec2617421c9bf9c61b947a92505aa70f886b92d20231a985f110cf5b32855f14003d00ca6072c57fc93b4c7c7d69c3654516ea875861c90

  • SSDEEP

    98304:RU4Iq03aI5N3yqqHwBEspKQ2DvCGo03KUue+T/:DIh7By/QBEsp+2hnf/

Malware Config

Targets

    • Target

      411c7426168778f2b819a1bd2dab396068d001182fc759509a873e4aa053f092

    • Size

      4.2MB

    • MD5

      afef7a8d923bc94d4ae6221537f64d2b

    • SHA1

      19fd8d0bc0ddfb1c15f271cca71305992aa9b106

    • SHA256

      411c7426168778f2b819a1bd2dab396068d001182fc759509a873e4aa053f092

    • SHA512

      6ddaffec1b97906a7ec2617421c9bf9c61b947a92505aa70f886b92d20231a985f110cf5b32855f14003d00ca6072c57fc93b4c7c7d69c3654516ea875861c90

    • SSDEEP

      98304:RU4Iq03aI5N3yqqHwBEspKQ2DvCGo03KUue+T/:DIh7By/QBEsp+2hnf/

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks