General

  • Target

    feee87221a8cde2983145a12e301a794bd748a8a86e2f1ba69fed424d7a645c9

  • Size

    4.1MB

  • Sample

    240509-p9419sdg33

  • MD5

    e82aabf429290b098a6b242a78f0cd72

  • SHA1

    2573b22062a086627d1b5b736483dfbe5f3dd207

  • SHA256

    feee87221a8cde2983145a12e301a794bd748a8a86e2f1ba69fed424d7a645c9

  • SHA512

    c11300db4c14d2eae7c7c8c43f048562dea1ddcc2347dbd7e2c2cd4e0fa7b3eebc0227a730a064a19f00cebf83077a620fc6da0cc2fbdc070ddaa89649625138

  • SSDEEP

    98304:UsY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahAm:3QZcza2WcnIxBnXOdJK+3UAm

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks