General

  • Target

    79d71f5011d81eb329542ee10bf51d18bcfa8cdb423150903666e9c47dc75579

  • Size

    4.2MB

  • Sample

    240419-q2aywseh2v

  • MD5

    20b4273768e2a8014af517034a75f2ff

  • SHA1

    294d2f53995fc41d3bb895a30c75166e74684dd5

  • SHA256

    79d71f5011d81eb329542ee10bf51d18bcfa8cdb423150903666e9c47dc75579

  • SHA512

    ac133a8c8d326ee135b6d10f06ce3300d35f9049a9aae5912729682eb2e9350c0ae020fe6aa73a23bdf69e0b134e8d3a32d27749e1f6b60240e9a30fee4f3d84

  • SSDEEP

    98304:mnK8LmfPd/8stvQd5ytt2zai81uhNveK9SmSQsZGchR1mo:F8qfPd/x65yttA81u3LZOh/F

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories and files from detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15