General

  • Target

    5f965a81853d90ff4641773c1bfdcbbb04ff5368fe4437f0d24fa86f60bf7926

  • Size

    4.1MB

  • Sample

    240509-szhbashb3s

  • MD5

    a2863c281e0da941c0cd2b1796d802f3

  • SHA1

    b607aacadb57b9cec53bf3762c8b950b284ef76c

  • SHA256

    5f965a81853d90ff4641773c1bfdcbbb04ff5368fe4437f0d24fa86f60bf7926

  • SHA512

    c212ed3badfad3f5368668fc9ccb7e31f5b163a11dbfe41bd02be146a0fc6a64c8574b117bff78fb2610654399d377b8a8705f4bd2a53ff8aebc65b87a94b95e

  • SSDEEP

    49152:6FHjWOXMS9cl73TW4F7CigoH4vE0j/gZI9yVcR+W62NZfYFwnO0lzL3OOHbQBqFB:6FDbcVB3TFxHH43Ma9n+52NVhL/oBqqO

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks