General

  • Target

    88df5327eceb8992c430c431d6829a50d3b1db7d31b147a47b430e09aa184fc8

  • Size

    4.1MB

  • Sample

    240509-tvzv8aeb94

  • MD5

    e7233aa5346e10f66f38d4914c588a8a

  • SHA1

    55352b329d87b4206de4142e1e5983607f78ea42

  • SHA256

    88df5327eceb8992c430c431d6829a50d3b1db7d31b147a47b430e09aa184fc8

  • SHA512

    a00477bcae96d1743f06709c3a977de8ecea77061daab3e48128a4a500689061e18436734c662649179c5de05e5e6bf08ff883ce0fd7d3a397cc8298c6aebde8

  • SSDEEP

    98304:agQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9ay:Vmkkc0oEfvGFgFjKYMWdT

Malware Config

Targets

    • Target

      88df5327eceb8992c430c431d6829a50d3b1db7d31b147a47b430e09aa184fc8

    • Size

      4.1MB

    • MD5

      e7233aa5346e10f66f38d4914c588a8a

    • SHA1

      55352b329d87b4206de4142e1e5983607f78ea42

    • SHA256

      88df5327eceb8992c430c431d6829a50d3b1db7d31b147a47b430e09aa184fc8

    • SHA512

      a00477bcae96d1743f06709c3a977de8ecea77061daab3e48128a4a500689061e18436734c662649179c5de05e5e6bf08ff883ce0fd7d3a397cc8298c6aebde8

    • SSDEEP

      98304:agQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9ay:Vmkkc0oEfvGFgFjKYMWdT

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks