General

  • Target

    77e60f8ec598d9df372c268d56ceb84a5fdc5065f7fdfcb73118e1bca028d109

  • Size

    4.2MB

  • Sample

    240418-evrghsca4v

  • MD5

    431549994ced8f0672880ab552c8208e

  • SHA1

    3ae8e5d268f7755d50cffc8b3da1248bc8199232

  • SHA256

    77e60f8ec598d9df372c268d56ceb84a5fdc5065f7fdfcb73118e1bca028d109

  • SHA512

    6474deae1df520dab49d1f5e4eb144dfa9ee97c70bc6aa826096bd205f68219321cda1d92e86db6e8a66ce1e6b0beec231437698d7d7c8016138e72838fa5da5

  • SSDEEP

    98304:wT1SD+NjNicufM6G6X/c15iBJGRJ32bm3jabJCAFawk6ewJALv1rO:c1pZicuZdXO5iBYRJmbmmbJCLwkQKLdO

Malware Config

Targets

    • Target

      77e60f8ec598d9df372c268d56ceb84a5fdc5065f7fdfcb73118e1bca028d109

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks