General

  • Target

    0e8d42df2baf16aa25989807091f01925beb42c28aa2caf7aeb95b6b14d3658f

  • Size

    4.2MB

  • Sample

    240420-nn71csgb6z

  • MD5

    e35f0407fff5270a257408e998dffc9f

  • SHA1

    ce41cea58487145827479cdc15d3f36ec72888b8

  • SHA256

    0e8d42df2baf16aa25989807091f01925beb42c28aa2caf7aeb95b6b14d3658f

  • SHA512

    51361e54b41daef54fd0931ec5bafd313c84f6949055509170b1a0759e30b32234054018165e64dd1c6b845dbbcd40c0d14f2c2c3a2eb0a2d4f313dc790b5f9a

  • SSDEEP

    98304:CExeyMsyixS5pRc4vIUtzCuveHCg7xBa+u+nR+:CMby0Sruak17xwL

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks