General

  • Target

    663f1b0f829d5f3d0bb5bef1348273e2c385ab2511bf13c06f384ad00b2b2fda

  • Size

    4.1MB

  • Sample

    240515-px4jzaab27

  • MD5

    f8812ee3f182585570ebcb129f565424

  • SHA1

    276c1c963c6f6c3f96f18a855c04bc71db65ac57

  • SHA256

    663f1b0f829d5f3d0bb5bef1348273e2c385ab2511bf13c06f384ad00b2b2fda

  • SHA512

    aa38fa4b009b166bc50e5d9fccf68aa04e4df03092a21bb1ea2b053a152dcfc893012714a77d0e75fa815b528654e96b52345199d0ffb0980f18eace44d35be8

  • SSDEEP

    98304:v1qSSz4+iErkw10pvrAflwj7ybev/Ga3LhpJpF+cKwau:vsSSLiykDAqj7OID3L1C5u

Malware Config

Targets

    • Target

      663f1b0f829d5f3d0bb5bef1348273e2c385ab2511bf13c06f384ad00b2b2fda

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks