General

  • Target

    36b234574caf15ae9e4222872ed8efae6517ba15cba9a5fb9f806edb08d5c93e

  • Size

    4.1MB

  • Sample

    240509-p7v1ksde83

  • MD5

    378c27c72623ee6f98580affff65e9a5

  • SHA1

    0c086fb7c4c46952943df8494c1ec20c0f3b03b3

  • SHA256

    36b234574caf15ae9e4222872ed8efae6517ba15cba9a5fb9f806edb08d5c93e

  • SHA512

    eb16c02e7499b588e4a6ffc8d870e4ee146406122e6343f9ef4a78b4760b77e23341e286808cf1e2dae8ff4acb5d0914acb85f193f3e3482ab676e25b6ec3364

  • SSDEEP

    98304:csY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahAH:vQZcza2WcnIxBnXOdJK+3UAH

Malware Config

Targets

    • Target

      36b234574caf15ae9e4222872ed8efae6517ba15cba9a5fb9f806edb08d5c93e

    • Size

      4.1MB

    • MD5

      378c27c72623ee6f98580affff65e9a5

    • SHA1

      0c086fb7c4c46952943df8494c1ec20c0f3b03b3

    • SHA256

      36b234574caf15ae9e4222872ed8efae6517ba15cba9a5fb9f806edb08d5c93e

    • SHA512

      eb16c02e7499b588e4a6ffc8d870e4ee146406122e6343f9ef4a78b4760b77e23341e286808cf1e2dae8ff4acb5d0914acb85f193f3e3482ab676e25b6ec3364

    • SSDEEP

      98304:csY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahAH:vQZcza2WcnIxBnXOdJK+3UAH

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks