General

  • Target

    3c117306f10caded888705ff4e1d9b1a6023e1799724762e93f48c1c84fea503

  • Size

    4.2MB

  • Sample

    240419-xzqpwsdb32

  • MD5

    7e248f25f0af33ccd8993bd7f5c4a121

  • SHA1

    c4cdb88b61822c245445e680d2369a9b5417cab8

  • SHA256

    3c117306f10caded888705ff4e1d9b1a6023e1799724762e93f48c1c84fea503

  • SHA512

    3d85d9cf79dce74e75a712fe2ae781a7859c380485d5c60f5a8de8f9e26639e5a8e66f6462f4effb7c2d6441668a6e7c03122f4275db3e931a8949891e55e7dc

  • SSDEEP

    98304:TtwUIgr6Tu/hivXD0fl0IvZVjhgp1+mYFjvUcmYnimsjZaHe9:Rw6rquKXDtU1Y2GYniVjUHI

Malware Config

Targets

    • Target

      3c117306f10caded888705ff4e1d9b1a6023e1799724762e93f48c1c84fea503

    • Size

      4.2MB

    • MD5

      7e248f25f0af33ccd8993bd7f5c4a121

    • SHA1

      c4cdb88b61822c245445e680d2369a9b5417cab8

    • SHA256

      3c117306f10caded888705ff4e1d9b1a6023e1799724762e93f48c1c84fea503

    • SHA512

      3d85d9cf79dce74e75a712fe2ae781a7859c380485d5c60f5a8de8f9e26639e5a8e66f6462f4effb7c2d6441668a6e7c03122f4275db3e931a8949891e55e7dc

    • SSDEEP

      98304:TtwUIgr6Tu/hivXD0fl0IvZVjhgp1+mYFjvUcmYnimsjZaHe9:Rw6rquKXDtU1Y2GYniVjUHI

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks