General

  • Target

    726d65ec3c7fa48f09bb2310775e6a9ed1196109ea6bce0dd3720c987b4d3b16

  • Size

    4.1MB

  • Sample

    240515-pzmn8sab92

  • MD5

    7483181956a41d16fd7b535f968d9931

  • SHA1

    03061cf44f7d23da3591d1b55987781e777ba207

  • SHA256

    726d65ec3c7fa48f09bb2310775e6a9ed1196109ea6bce0dd3720c987b4d3b16

  • SHA512

    0f036f273c54e93cea29e428a177dc94ddffac3839503a234329761316bfbeff42d0366106ba0b467cbd6359095455f214f112d9277de920713628fee7034d01

  • SSDEEP

    98304:n1qSSz4+iErkw10pvrAflwj7ybev/Ga3LhpJpF+cKwaK:nsSSLiykDAqj7OID3L1C5K

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks