General

  • Target

    7821fe99a34d439c696ebfab4cbf1fc4389e6ed15f457166d9286522bf416eb6

  • Size

    4.1MB

  • Sample

    240509-qgjqasbc6y

  • MD5

    18ee862a1e06ee10ea57a5036371b167

  • SHA1

    3bd983340f81157a22b194cf1c9f0abcb653b050

  • SHA256

    7821fe99a34d439c696ebfab4cbf1fc4389e6ed15f457166d9286522bf416eb6

  • SHA512

    323e5a36153da9e5404ac479114e6fdb995efa22b8a21ada696f29ad0b673c2cef547e081217488cc847cc63d3d08061fb0ff4898424b8f9effa77db7380b66b

  • SSDEEP

    98304:8sY/dZ96HSSh3za2WcnSdxBz+LIy5MjydJbomy+VuiahAG:PQZcza2WcnIxBnXOdJK+3UAG

Targets

    • Target

      7821fe99a34d439c696ebfab4cbf1fc4389e6ed15f457166d9286522bf416eb6

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer, or with a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories and files from detection.

    • Drops file in System32 directory
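A small static-triage script that ties the hash section above to the "UPX packed file" signature. It is an added example, not part of the sandbox report or of any Glupteba tooling: it recomputes the four report hashes, walks the PE section table, and flags UPX either by its standard section names, by the `UPX!` marker in the header region, or, for a modified UPX that renames sections, by section entropy above an assumed 7.0 cut-off. Only `REPORT_SHA256` comes from the page; `build_toy_pe` produces constructed test input, not the real sample.

```python
import hashlib
import math
import struct
from collections import Counter

# Taken from the report above; everything else in this block is an assumption.
REPORT_SHA256 = "7821fe99a34d439c696ebfab4cbf1fc4389e6ed15f457166d9286522bf416eb6"
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off; compressed/encrypted code usually sits above it


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the raw file, the same fields the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; 8.0 means uniformly distributed bytes, ~4.5 is typical x86 code."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def pe_sections(data: bytes) -> list:
    """Parse the section table; returns (name, raw_bytes) tuples in file order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        hdr = table + i * 40
        if hdr + 40 > len(data):
            raise ValueError("section table truncated")
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections


def triage(data: bytes) -> dict:
    """Hash the file, check it against the report, and look for UPX indicators."""
    hashes = file_hashes(data)
    sections = pe_sections(data)
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # SizeOfHeaders is at optional-header offset 60 in both PE32 and PE32+
    hdr_size = struct.unpack_from("<I", data, e_lfanew + 4 + 20 + 60)[0]
    entropies = {name: shannon_entropy(raw) for name, raw in sections}
    max_entropy = max(entropies.values(), default=0.0)
    upx_names = any(name in UPX_SECTION_NAMES for name, _ in sections)
    upx_magic = b"UPX!" in data[:hdr_size]  # stock UPX leaves its tag in the header padding
    return {
        "hashes": hashes,
        "matches_report": hashes["sha256"] == REPORT_SHA256,
        "sections": entropies,
        "max_entropy": max_entropy,
        "upx_section_names": upx_names,
        "upx_magic_in_headers": upx_magic,
        "packed_likely": upx_names or upx_magic or max_entropy >= ENTROPY_THRESHOLD,
    }


def build_toy_pe(section_names: list, payload: bytes) -> bytes:
    """Constructed minimal PE32 for testing; the last section carries `payload`."""
    e_lfanew, opt_size = 0x80, 224
    coff = e_lfanew + 4
    table = coff + 20 + opt_size
    hdr_size = (table + 40 * len(section_names) + 0x1FF) & ~0x1FF
    img = bytearray(hdr_size)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", img, coff, 0x14C, len(section_names))  # i386, NumberOfSections
    struct.pack_into("<H", img, coff + 16, opt_size)
    struct.pack_into("<H", img, coff + 20, 0x10B)  # PE32 magic
    struct.pack_into("<I", img, coff + 20 + 60, hdr_size)  # SizeOfHeaders
    for i, name in enumerate(section_names):
        hdr = table + i * 40
        img[hdr:hdr + 8] = name.ljust(8, b"\0")
        size = len(payload) if i == len(section_names) - 1 else 0
        struct.pack_into("<II", img, hdr + 16, size, hdr_size if size else 0)
    return bytes(img) + payload


if __name__ == "__main__":
    demo = build_toy_pe([b"UPX0", b"UPX1"], bytes(range(256)) * 4)
    print(triage(demo))
```

Run `triage(open(path, "rb").read())` on the real sample to confirm `matches_report` before trusting any other field; a mismatch means you are not looking at the file this report describes. The entropy rule will also fire on legitimately compressed resources, so treat it as a lead, not a verdict.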
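Detection logic for four of the behavioural signatures listed above ("Executes dropped EXE", "Adds Run key to start application", "Manipulates WinMonFS driver", "Drops file in System32 directory"), written against Sysmon-style events. This is an added example, not code from the report or from the sandbox vendor. The events in `SAMPLE_EVENTS` are constructed, the dropped-file names are illustrative, and the `Services\WinMonFS` key and `drivers\WinMonFS.sys` path are assumptions about where a driver by that name would appear, not indicators taken from this sample. "Checks installed software" is a registry read, which Sysmon does not log, so it is not covered here.

```python
import json
import re

# Constructed Sysmon-style events (Event ID 1 ProcessCreate, 11 FileCreate,
# 13 RegistryEvent value set), one JSON object per line. Not from the report.
SAMPLE_EVENTS = r"""
{"EventID": 11, "Image": "C:\\Users\\u\\Desktop\\sample.exe", "TargetFilename": "C:\\Users\\u\\AppData\\Local\\Temp\\csrss.exe"}
{"EventID": 1, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\csrss.exe", "ParentImage": "C:\\Users\\u\\Desktop\\sample.exe"}
{"EventID": 13, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\csrss.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\csrss", "Details": "C:\\Users\\u\\AppData\\Local\\Temp\\csrss.exe"}
{"EventID": 13, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\csrss.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\WinMonFS\\ImagePath", "Details": "\\SystemRoot\\System32\\drivers\\WinMonFS.sys"}
{"EventID": 11, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\csrss.exe", "TargetFilename": "C:\\Windows\\System32\\drivers\\WinMonFS.sys"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs\\x", "Details": "(binary)"}
"""

# Run and RunOnce under any hive or user SID.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
# Assumed service key for a driver named WinMonFS; adjust if telemetry shows another name.
WINMONFS_RE = re.compile(r"\\Services\\WinMonFS(?:\\|$)", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)


def parse_events(text: str) -> list:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events: list) -> list:
    """Return (signature, evidence) tuples in the order the triggering events occur."""
    findings = []
    dropped_exes = set()  # lower-cased paths written by any process so far
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            target = ev["TargetFilename"]
            if target.lower().endswith(".exe"):
                dropped_exes.add(target.lower())
            if SYSTEM32_RE.match(target):
                findings.append(("drops_file_in_system32", target))
        elif eid == 1:
            # A process whose image was created earlier in the same trace.
            if ev["Image"].lower() in dropped_exes:
                findings.append(("executes_dropped_exe", ev["Image"]))
        elif eid == 13:
            target = ev["TargetObject"]
            if RUN_KEY_RE.search(target):
                findings.append(("adds_run_key", target))
            if WINMONFS_RE.search(target):
                findings.append(("manipulates_winmonfs", target))
    return findings


if __name__ == "__main__":
    for sig, evidence in detect(parse_events(SAMPLE_EVENTS)):
        print(f"{sig:28} {evidence}")
```

The dropped-then-executed correlation only works within one trace and in event order, which is how a sandbox delivers it; on a fleet-wide SIEM you would key `dropped_exes` by host and add a time window. The explorer.exe RecentDocs write is there to show that the Run-key rule does not fire on ordinary `CurrentVersion\` activity.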

MITRE ATT&CK Enterprise v15