General

  • Target

    07c3994e2fcb26d66993574c525b0c8dda60f76b99b6b6b0edc38d572cdb047f

  • Size

    4.2MB

  • Sample

    240419-ez5vpshf6v

  • MD5

    88d6b4e1a97f44ea7f7485fe968bc8b7

  • SHA1

    310aa2dd359150194c46077bd463048a1853c150

  • SHA256

    07c3994e2fcb26d66993574c525b0c8dda60f76b99b6b6b0edc38d572cdb047f

  • SHA512

    a332038273e60b859867b37c00d596eb638d6f54f0afc6fce150912b62d1fd85c48cbe09595e190769f639fe5cb751a5c0cf87fd232103c91bb2747e8e63733e

  • SSDEEP

    98304:kRUBmLZ3rmtSop/fcfKtwQG3TQtt4oKMJO6VS6U7CKzh7k:8xKEC/fcfKt9ykOWRUGoh7k

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks