General

  • Target

    4b8ea28299d563187dbaeac5036d719b2bb8c0d176a56d73eed708d000b4a86d

  • Size

    4.2MB

  • Sample

    240427-2bmqjshh39

  • MD5

    5b412e8d19ec18d694548112832773c5

  • SHA1

    b1dc18da9bd9326e7069c77246c7718352a52582

  • SHA256

    4b8ea28299d563187dbaeac5036d719b2bb8c0d176a56d73eed708d000b4a86d

  • SHA512

    67ba5641d2865907ea39df1f917429c0151970e56e20dc8880e959bc114008cccf0d1a27cbace44ec6a81963d38d42cb1f5950e0cadeb261b19583c88f436772

  • SSDEEP

    98304:PamOmyh13YwSD+iffg9rOMOczucEEdNxQlfwo87Elwi0PG1g:PTy8Jy4o9ecZxQhwo8IinPG1g

Malware Config

Targets

    • Target

      4b8ea28299d563187dbaeac5036d719b2bb8c0d176a56d73eed708d000b4a86d

    • Size

      4.2MB

    • MD5

      5b412e8d19ec18d694548112832773c5

    • SHA1

      b1dc18da9bd9326e7069c77246c7718352a52582

    • SHA256

      4b8ea28299d563187dbaeac5036d719b2bb8c0d176a56d73eed708d000b4a86d

    • SHA512

      67ba5641d2865907ea39df1f917429c0151970e56e20dc8880e959bc114008cccf0d1a27cbace44ec6a81963d38d42cb1f5950e0cadeb261b19583c88f436772

    • SSDEEP

      98304:PamOmyh13YwSD+iffg9rOMOczucEEdNxQlfwo87Elwi0PG1g:PTy8Jy4o9ecZxQhwo8IinPG1g

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks