General

  • Target

    895983765d136f67c5f3916f8b4f0024e475a247926a980d29f73e9180bc4971

  • Size

    4.2MB

  • Sample

    240420-kceynace55

  • MD5

    4adf4fe1695ef3f7c22fceb960bb7d95

  • SHA1

    d8418800c03b12565849c2d743a8959f60fb2c3c

  • SHA256

    895983765d136f67c5f3916f8b4f0024e475a247926a980d29f73e9180bc4971

  • SHA512

    767e8712b1654f60665d205f5971c5f90b731a76d9c7bd3becaed4af4df05a246cc85c8bfdfe064be307d992c667afd2637291f464a00442daa43913290181fe

  • SSDEEP

    98304:iS8Tc81AzKVcNOUNHF6RiNP154spKvDdhObEo7QvVY0ryRAf1Tp7ORO:TEcJzF4UNHqA/dsmoVS4YAf195

Malware Config

Targets

    • Target

      895983765d136f67c5f3916f8b4f0024e475a247926a980d29f73e9180bc4971

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide directories and files from detection.

    • Drops file in System32 directory
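The signatures above each correspond to a host artifact a responder can look for. The following PowerShell triage script is an added example, not part of the sandbox report or of Glupteba itself: one function per signature class (Run keys, Uninstall-key enumeration, the WinMonFS driver, inbound firewall allow rules, recently created System32 files) plus a SHA256 check against the hash listed in this report. The Run and Uninstall registry paths are the documented Windows locations; the 24-hour file window, the lookup of a service named WinMonFS under CurrentControlSet\Services, and the case paths in the usage comment are assumptions made for this example.

```powershell
# Added host-triage example; not part of the sandbox report or of Glupteba.
# Each function maps to one signature above. Run/Uninstall registry paths are
# the documented Windows locations; the 24-hour window and the "WinMonFS"
# service-name lookup are assumptions made here.

$ReportSha256 = '895983765d136f67c5f3916f8b4f0024e475a247926a980d29f73e9180bc4971'

function Test-SampleHash {
    # Confirms a local file is the sample this report describes.
    param([Parameter(Mandatory)][string]$Path)
    $h = (Get-FileHash -Path $Path -Algorithm SHA256).Hash.ToLower()
    [pscustomobject]@{ Path = $Path; Sha256 = $h; MatchesReport = ($h -eq $ReportSha256) }
}

function Get-RunKeyEntries {
    # "Adds Run key to start application": every value under the per-machine
    # and per-user Run/RunOnce keys, with the command it launches.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-InstalledSoftware {
    # "Checks installed software on the system": the same Uninstall-key lookup
    # the sample performs, so the analyst sees what it could have enumerated.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName
}

function Get-WinMonFSArtifacts {
    # "Manipulates WinMonFS driver": a service registration and a loaded kernel
    # driver carrying that name (the exact service name is an assumption).
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinMonFS'
    [pscustomobject]@{
        ServiceKeyPresent = Test-Path $svcKey
        ImagePath         = if (Test-Path $svcKey) { (Get-ItemProperty $svcKey).ImagePath } else { $null }
        LoadedDriver      = Get-CimInstance Win32_SystemDriver |
                                Where-Object { $_.Name -like 'WinMon*' } |
                                Select-Object Name, PathName, State
    }
}

function Get-InboundAllowRules {
    # "Modifies Windows Firewall": enabled inbound Allow rules bound to a
    # specific program; a rule pointing at a dropped EXE is what to look for.
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object {
            $app = $_ | Get-NetFirewallApplicationFilter
            if ($app.Program -and $app.Program -ne 'Any') {
                [pscustomobject]@{ Rule = $_.DisplayName; Program = $app.Program; Profile = $_.Profile }
            }
        }
}

function Get-RecentSystem32Files {
    # "Drops file in System32 directory": files created inside the window
    # (default 24 hours, an assumption) with their Authenticode status.
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    Get-ChildItem -Path "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $since } |
        ForEach-Object {
            [pscustomobject]@{
                File      = $_.FullName
                Created   = $_.CreationTime
                Signature = (Get-AuthenticodeSignature $_.FullName).Status
            }
        }
}

# Usage (run elevated on the host under investigation; sample path is illustrative):
# Test-SampleHash -Path C:\cases\sample.bin
# Get-RunKeyEntries; Get-InstalledSoftware; Get-WinMonFSArtifacts
# Get-InboundAllowRules; Get-RecentSystem32Files -Hours 48
```

Run the checks from an elevated session, since the HKLM Services key, firewall rules and driver list are not fully readable otherwise. An unsigned or recently created file in System32 that also appears as a Run-key command or as the Program of an inbound Allow rule ties three of the listed signatures to a single artifact and is the first thing to pull for analysis.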

MITRE ATT&CK Enterprise v15

Tasks