General

  • Target

    99e29c8a9edaba5f4b8eaf36e8c453596255100fdea06ea2c9f889197e2e52c1

  • Size

    4.2MB

  • Sample

    240418-etvgsaaf66

  • MD5

    a109edba528eb2b70329eab8c2b56470

  • SHA1

    4c56da25c85b08dcf4a7489c2ec58de4409e1de9

  • SHA256

    99e29c8a9edaba5f4b8eaf36e8c453596255100fdea06ea2c9f889197e2e52c1

  • SHA512

    f65a16bfa8d6e58c555e08c5a6ad939d4461e6a963b01100c196658d85dff43e107d67dac1b748fce496db63ea2a451dc5d243deeaa2580a3d0f3384d3fbe929

  • SSDEEP

    98304:IT1SD+NjNicufM6G6X/c15iBJGRJ32bm3jabJCAFawk6ewJALv1rR:01pZicuZdXO5iBYRJmbmmbJCLwkQKLdR

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks