General

  • Target

    e9757b4b7bf816e6a8ec1a79ec4d5602ed68af0b095546495d726d71708a65d9

  • Size

    4.1MB

  • Sample

    240509-tvfscaeb74

  • MD5

    c5a2da0fff0777aa8a826f5aa7f75daf

  • SHA1

    85a079352cfae4c338e088e2e9ac689989b7f219

  • SHA256

    e9757b4b7bf816e6a8ec1a79ec4d5602ed68af0b095546495d726d71708a65d9

  • SHA512

    7646eea4173bc8143d16b850559813c5a2d166fb5833389437cd4b2af0384666b075434d66642ce136dc14501a7316255df2c2e880147b9e552774426e0880a6

  • SSDEEP

    98304:qgQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9aE:lmkkc0oEfvGFgFjKYMWdV

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks