General

  • Target

    bd735fb40da8ebda13128b9e3b8e3048d7235b8150de04cc9e20d48a4e360014

  • Size

    4.2MB

  • Sample

    240419-hvxv3sbe38

  • MD5

    a0455783057716ecd106cc4baa50fb59

  • SHA1

    3eeafb5a2a3b82d757f1e995b9cf44c0bc15ffc4

  • SHA256

    bd735fb40da8ebda13128b9e3b8e3048d7235b8150de04cc9e20d48a4e360014

  • SHA512

    325ad4f8c4975e2277948968ae7d6751e2d17b98becb3d46b4b59ff8737cdef97d967f6149bdc94171eec99ccd6a3be7729c94a8e60314bc72aaabbb5918d219

  • SSDEEP

    98304:PNkDk7Y2e9fhWY+LbgLFpBVAayCN/CB0J4dlv7S/k29jp/49:Wk7LeNhW/+FpBVAa19Ce4dlv7wZ49

Malware Config

Targets

    • Target

      bd735fb40da8ebda13128b9e3b8e3048d7235b8150de04cc9e20d48a4e360014

    • Size

      4.2MB

    • MD5

      a0455783057716ecd106cc4baa50fb59

    • SHA1

      3eeafb5a2a3b82d757f1e995b9cf44c0bc15ffc4

    • SHA256

      bd735fb40da8ebda13128b9e3b8e3048d7235b8150de04cc9e20d48a4e360014

    • SHA512

      325ad4f8c4975e2277948968ae7d6751e2d17b98becb3d46b4b59ff8737cdef97d967f6149bdc94171eec99ccd6a3be7729c94a8e60314bc72aaabbb5918d219

    • SSDEEP

      98304:PNkDk7Y2e9fhWY+LbgLFpBVAayCN/CB0J4dlv7S/k29jp/49:Wk7LeNhW/+FpBVAa19Ce4dlv7wZ49

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks