General

  • Target

    f1c70191d033ba0e1101977b856812d528076351540e1ae25e144349978f1314

  • Size

    4.1MB

  • Sample

    240509-tw4wkaec75

  • MD5

    5293a4cfda0077c83a8c0829af127b94

  • SHA1

    01706963ad6ab569705a510849326ff53b5cdf70

  • SHA256

    f1c70191d033ba0e1101977b856812d528076351540e1ae25e144349978f1314

  • SHA512

    cf2089bea4084d71dfcb5805df076523692155ab9dec4896a0fa5a71afda98bee785243510246033026409608b9f7bd220d8f2d2be25ee734145f7a5d84fe83d

  • SSDEEP

    98304:ygQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9at:dmkkc0oEfvGFgFjKYMWdk

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks