General

  • Target

    e3b7410f25d23aa9fd638e0dbe56ef735151d8b47f13ab2f0cb173943c182b05

  • Size

    4.2MB

  • Sample

    240419-wnnwgscc2y

  • MD5

    1d213c7a8ede391edda993d04596fabc

  • SHA1

    ad1db6c10cc4d965304f82e67e06e3ac76968a8a

  • SHA256

    e3b7410f25d23aa9fd638e0dbe56ef735151d8b47f13ab2f0cb173943c182b05

  • SHA512

    ae3102df6674be740c85d435f3a33e42f9ffc28e9bdcd7cdfe6ab8665f2b18861bc4a09dd365c3effc1fcceb554e37bde8eedf798806d4962168dd595c51b97c

  • SSDEEP

    98304:1By5JAu+Hk0Et5Mgg8VWlfA2+5+VVv7Fm6fCg:uAu+ENnjVyYiVNw4N

Malware Config

Targets

    • Target

      e3b7410f25d23aa9fd638e0dbe56ef735151d8b47f13ab2f0cb173943c182b05

    • Size

      4.2MB

    • MD5

      1d213c7a8ede391edda993d04596fabc

    • SHA1

      ad1db6c10cc4d965304f82e67e06e3ac76968a8a

    • SHA256

      e3b7410f25d23aa9fd638e0dbe56ef735151d8b47f13ab2f0cb173943c182b05

    • SHA512

      ae3102df6674be740c85d435f3a33e42f9ffc28e9bdcd7cdfe6ab8665f2b18861bc4a09dd365c3effc1fcceb554e37bde8eedf798806d4962168dd595c51b97c

    • SSDEEP

      98304:1By5JAu+Hk0Et5Mgg8VWlfA2+5+VVv7Fm6fCg:uAu+ENnjVyYiVNw4N

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks