General

  • Target

    28e0e935d6ce72fffd62e1b806868e85126025be89896aeae8ec0ad602ee38ef

  • Size

    4.2MB

  • Sample

    240420-nwnxfsgd51

  • MD5

    64fe01edad8c87d9c82db25b22fb8510

  • SHA1

    1ad018d27d2a0d6610e1f8fcd8bd24718759f866

  • SHA256

    28e0e935d6ce72fffd62e1b806868e85126025be89896aeae8ec0ad602ee38ef

  • SHA512

    bfd122ba1f63763a4b6114ab260d1c2aaf843a240c53c73e1fc27242f12349490e2c3dd42004a927c5906b9b642ead4bdf2957e417f1a626dfaedd9dfc74745c

  • SSDEEP

    98304:KExeyMsyixS5pRc4vIUtzCuveHCg7xBa+u+nRB:KMby0Sruak17xwY

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks