General

  • Target

    ab752fcad94a6706afb3f9a790e9bbb7bb3dae61b45842f383c95cec3646d0a6

  • Size

    4.2MB

  • Sample

    240418-hsj67sfe3v

  • MD5

    abdfe0ead0175a44bf3555ba98798b91

  • SHA1

    c2a2ac1891753e5ec6f20a78e183372d1fb8c5d8

  • SHA256

    ab752fcad94a6706afb3f9a790e9bbb7bb3dae61b45842f383c95cec3646d0a6

  • SHA512

    b1897626936950f1fe0b98602694e093ea7d23ae764222782c76aac6f6af21c965eed03ae8d6d4c8ac396d79060bd85d2967afc0ebba12a7b9ed2aa1b7cc0ac0

  • SSDEEP

    98304:C7V5WBlU86Tvm6P9JrD90yOgG9ATmX7qCnxtHF:C5Wq66PzD9dwAKrqCx5F

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks