General

  • Target

    173a76d961c98e4fc6957e4a2194eb7afb21ac2570e9e6e6a68ea50004309f18

  • Size

    4.2MB

  • Sample

    240418-hwfm7afe81

  • MD5

    d2c5224a201ec30c6a131d719d418582

  • SHA1

    bd9158830e67d8957d6329c250c3727f0dd080d6

  • SHA256

    173a76d961c98e4fc6957e4a2194eb7afb21ac2570e9e6e6a68ea50004309f18

  • SHA512

    182ab50da24d7eb0e753043bfccf6ef05a30330dec4ed404d7eaffe641d5e0e10dd0dab9e14c78225d319bb6aae41e39e357e9013fdf20a9ddd9379cc7f48b17

  • SSDEEP

    98304:67V5WBlU86Tvm6P9JrD90yOgG9ATmX7qCnxtHg:q5Wq66PzD9dwAKrqCx5g

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS device to hide directories and files from detection.

    • Drops file in System32 directory
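
The behavioural signatures listed above (Run-key persistence, Uninstall-key enumeration, a file dropped into System32, execution of a dropped EXE, a firewall change, and access to the WinMonFS device) can be turned into simple host-event checks. The following is an added example, not part of the original report and not the sandbox's own detection logic; the event schema, the `Event` class and the sample events are constructed here for illustration and are not taken from the sample. The two static signatures ("Glupteba payload", "UPX packed file") are file-content checks and are deliberately out of scope for this event-based matcher.

```python
"""Map the behavioural signatures from the sandbox report to host-event checks.

Added illustration; the event format below is a constructed, Sysmon-like
abstraction, not the sandbox's own schema.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str          # reg_set | reg_query | file_create | proc_create | dev_open
    target: str        # registry value path, file path, image path or device name
    detail: str = ""   # command line for proc_create, value data for reg_set


# Registry autostart location covered by "Adds Run key to start application".
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Per-product subkeys enumerated by "Checks installed software on the system".
UNINSTALL_KEY = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
# The user-mode name a rootkit opens to talk to the WinMonFS driver.
WINMONFS = re.compile(r"^\\\\\.\\WinMonFS$", re.I)
FIREWALL_CMD = re.compile(r"netsh(\.exe)?\s+advfirewall\b", re.I)


def match_signatures(events):
    """Return {signature name: [matching events]} for the report's behavioural signatures.

    "Executes dropped EXE" is stateful: a process start only counts if its image
    path was created earlier in the same event stream.
    """
    hits = defaultdict(list)
    dropped = set()
    for ev in events:
        if ev.kind == "reg_set" and RUN_KEY.search(ev.target):
            hits["Adds Run key to start application"].append(ev)
        elif ev.kind == "reg_query" and UNINSTALL_KEY.search(ev.target):
            hits["Checks installed software on the system"].append(ev)
        elif ev.kind == "file_create":
            dropped.add(ev.target.lower())
            if SYSTEM32.search(ev.target):
                hits["Drops file in System32 directory"].append(ev)
        elif ev.kind == "proc_create":
            if ev.target.lower() in dropped:
                hits["Executes dropped EXE"].append(ev)
            if FIREWALL_CMD.search(ev.detail):
                hits["Modifies Windows Firewall"].append(ev)
        elif ev.kind == "dev_open" and WINMONFS.search(ev.target):
            hits["Manipulates WinMonFS driver"].append(ev)
    return dict(hits)


# Constructed sample trace (file names and GUID are illustrative, not from the sample).
SAMPLE_EVENTS = [
    Event("reg_query", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event("reg_query", r"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion"
                       r"\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}"),
    Event("file_create", r"C:\Windows\System32\sample-drop.exe"),
    Event("file_create", r"C:\Users\Public\stage2.exe"),
    Event("proc_create", r"C:\Users\Public\stage2.exe",
          detail=r'"C:\Users\Public\stage2.exe" /install'),
    Event("proc_create", r"C:\Windows\System32\netsh.exe",
          detail='netsh advfirewall firewall add rule name="svc" dir=in action=allow '
                 'program="C:\\Users\\Public\\stage2.exe"'),
    Event("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
          detail=r"C:\Users\Public\stage2.exe"),
    Event("dev_open", r"\\.\WinMonFS"),
    Event("proc_create", r"C:\Windows\System32\notepad.exe", detail="notepad.exe"),  # benign
]


if __name__ == "__main__":
    for name, evs in sorted(match_signatures(SAMPLE_EVENTS).items()):
        print(f"{name}: {len(evs)} event(s)")
        for ev in evs:
            print(f"    {ev.kind:12} {ev.target}")
```

The matcher is intentionally conservative: a process start is only "Executes dropped EXE" when the image was written earlier in the trace, so the benign notepad.exe launch at the end produces no hit, and the netsh.exe launch is reported only under the firewall signature.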

MITRE ATT&CK Enterprise v15

Tasks