General

  • Target

    8986ac064540bb55bb4dfd159f83645ef22d134eb7bb4c731476305665759cd3

  • Size

    4.1MB

  • Sample

    240509-tyjy6sed66

  • MD5

    f421dc103d6bf6f78fb98b6ec9704932

  • SHA1

    405667355764b884aa5e6964ef5f170f1bdc054b

  • SHA256

    8986ac064540bb55bb4dfd159f83645ef22d134eb7bb4c731476305665759cd3

  • SHA512

    5bca65e186da12b1dbb18eff564ca8eda2e46b106f1653b3954d1b64f6c665f8038380af76c298f8231506cafc9f653ee1d0764c962ed1baa8348d6384df56d0

  • SSDEEP

    98304:KgQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9aL:Fmkkc0oEfvGFgFjKYMWdy

Malware Config

Targets

    • Target

      8986ac064540bb55bb4dfd159f83645ef22d134eb7bb4c731476305665759cd3

    • Size

      4.1MB

    • MD5

      f421dc103d6bf6f78fb98b6ec9704932

    • SHA1

      405667355764b884aa5e6964ef5f170f1bdc054b

    • SHA256

      8986ac064540bb55bb4dfd159f83645ef22d134eb7bb4c731476305665759cd3

    • SHA512

      5bca65e186da12b1dbb18eff564ca8eda2e46b106f1653b3954d1b64f6c665f8038380af76c298f8231506cafc9f653ee1d0764c962ed1baa8348d6384df56d0

    • SSDEEP

      98304:KgQj3bYke7IH4UmHBe7fvGvGegFjoB9Y4hH2MnS9aL:Fmkkc0oEfvGFgFjKYMWdy

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks