General

  • Target: fe0bf9db72ed034c074d4cc4a66248a144156f881cd819e755a6c4d996666089
  • Size: 4.1MB
  • Sample: 240509-txd2jaec87
  • MD5: 7a4aa20ee431bf137cd6c71fd0abd99e
  • SHA1: 0dd42f08817157d7c0a1fc481d87b3483443fb01
  • SHA256: fe0bf9db72ed034c074d4cc4a66248a144156f881cd819e755a6c4d996666089
  • SHA512: 6d5a32b1337cabcfa52ceca68bff5027bd7b7a35178668abd0bebfffc62f6cc5f8417c15b519ae7a1feb9774dbb8905aa9fada838d052d5f1e70ebcdce9276e3
  • SSDEEP: 98304:agQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9al:Vmkkc0oEfvGFgFjKYMWdY

Malware Config

Targets

    • Glupteba: Glupteba is a modular loader written in Golang with various components.
    • Glupteba payload
    • Modifies Windows Firewall
    • Executes dropped EXE
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application
    • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Manipulates WinMonFS driver: Rootkits write to WinMonFS to hide directories/files from being detected.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks