General

  • Target

    4203ea0d35429607e2ef34c38639acc84b7c9435eec77f25fceb233836afff56

  • Size

    4.1MB

  • Sample

    240509-twprmsec56

  • MD5

    ea7d1ae38281c77f26eb6ea94e4df729

  • SHA1

    5f55e8262d62231a803480c575e0f9f6a098cd58

  • SHA256

    4203ea0d35429607e2ef34c38639acc84b7c9435eec77f25fceb233836afff56

  • SHA512

    170cf06ca1a3892eba99d809aa72d49383190bd0224aff5b22e719a75936875c7b2f6e7a1ce3d46ae9a6b93e32a2d0d1474722a94d577d396985e40c160f0737

  • SSDEEP

    98304:igQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9ar:Nmkkc0oEfvGFgFjKYMWde

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks