General

  • Target

    afa534224d1969fbab79ecd20e489be991e9401d2376bb5d2748d345797e9c7c

  • Size

    4.1MB

  • Sample

    240515-3hybashg31

  • MD5

    f69757fce122491e1758c6b6455f201a

  • SHA1

    799a0b597ab5b1f65268ff3ecfd5f221fc236853

  • SHA256

    afa534224d1969fbab79ecd20e489be991e9401d2376bb5d2748d345797e9c7c

  • SHA512

    e6e52c1147ac6c81e97d414d9f4da3c2e688290f348ec610dad82bd68a1d87a688eb1191d6cc8de9360dd068813eb9c1ae3287df7d9da295148fef7264185190

  • SSDEEP

    98304:UCrMvuyR1RyPQdAJHItu4QbOo8ZPCtSlOjuAz5n6hmlDmbI:U5vuu/yDHItfIOpPCSgB5tCM

Malware Config

Targets

    • Target

      afa534224d1969fbab79ecd20e489be991e9401d2376bb5d2748d345797e9c7c

    • Size

      4.1MB

    • MD5

      f69757fce122491e1758c6b6455f201a

    • SHA1

      799a0b597ab5b1f65268ff3ecfd5f221fc236853

    • SHA256

      afa534224d1969fbab79ecd20e489be991e9401d2376bb5d2748d345797e9c7c

    • SHA512

      e6e52c1147ac6c81e97d414d9f4da3c2e688290f348ec610dad82bd68a1d87a688eb1191d6cc8de9360dd068813eb9c1ae3287df7d9da295148fef7264185190

    • SSDEEP

      98304:UCrMvuyR1RyPQdAJHItu4QbOo8ZPCtSlOjuAz5n6hmlDmbI:U5vuu/yDHItfIOpPCSgB5tCM

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory
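
The "UPX packed file" signature above is a static check on the PE section table. The following is an added example, not code from the report or the sandbox vendor: it walks the DOS header, PE signature, COFF header and section headers of a PE32/PE32+ image, flags the UPX0/UPX1/UPX2 section names that stock UPX emits, and falls back to the "UPX!" marker (UPX's l_info structure) that sits just after the section headers, since a build with renamed sections defeats the name check alone. The PE images used as input are header-only samples constructed in the block itself, not the 4.1MB sample hashed above.

```python
"""Heuristic UPX detection from the PE section table (added example)."""
import struct

# Section names written by unmodified UPX builds.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data: bytes) -> list[bytes]:
    """Return the section names of a PE image; raise ValueError if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: NumberOfSections at +2, SizeOfOptionalHeader at +16.
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    section_table = coff + 20 + size_of_optional
    names = []
    for i in range(number_of_sections):
        off = section_table + i * 40          # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """True if the section names or the 'UPX!' header marker indicate UPX."""
    if set(pe_section_names(data)) & UPX_SECTION_NAMES:
        return True
    # UPX places the "UPX!" marker in the header area right after the section
    # table. Limit the search to the first 4 KiB so string tables in large
    # unpacked binaries cannot produce a false hit.
    return b"UPX!" in data[:0x1000]


def build_minimal_pe(section_names: list[bytes], pe32plus: bool = False) -> bytes:
    """Construct a header-only PE image for testing (constructed sample, not a real binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 240 if pe32plus else 224
    coff = struct.pack(
        "<HHIIIHH",
        0x8664 if pe32plus else 0x14C,   # Machine
        len(section_names),              # NumberOfSections
        0, 0, 0,                         # TimeDateStamp, PointerToSymbolTable, NumberOfSymbols
        size_of_optional,                # SizeOfOptionalHeader
        0x0102,                          # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    optional = struct.pack("<H", 0x20B if pe32plus else 0x10B) + b"\0" * (size_of_optional - 2)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    packed = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
    clean = build_minimal_pe([b".text", b".rdata", b".data"])
    renamed = build_minimal_pe([b".text", b".data"]) + b"UPX!"  # sections renamed, marker kept
    for label, img in (("packed", packed), ("clean", clean), ("renamed", renamed)):
        print(label, pe_section_names(img), is_upx_packed(img))
```

The section-name check is what most sandbox signatures key on; the marker fallback catches builds where the packer was patched to rename sections, which is common in loader families that ship repacked stages.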

MITRE ATT&CK Enterprise v15

Tasks