General

  • Target

    fa1650568608e8badd080972738ca149bd82833d4957d681e642323d3c8850c6

  • Size

    4.1MB

  • Sample

    240517-fd8j5shh5x

  • MD5

    03a7d45e187dd295682841a6528e42d0

  • SHA1

    754413d33dcbd38a6f1175c38aea1f1925c7a78c

  • SHA256

    fa1650568608e8badd080972738ca149bd82833d4957d681e642323d3c8850c6

  • SHA512

    027cca552ce668f8fb822243cae4242e6288691a34193afba50fae96d553538e81abf9f682c4a3cc23b5eabc79723c87b00d560148c590f6aec5fedc2a538c02

  • SSDEEP

    98304:uNO3yy04ogde7ep0A2AdPyQGNgd0+V4CCH3iZ/qkVniougG1w:4OA8mA0A2AFyQ3d0+aD4qkVni5w

Malware Config

Targets

    • Target

      fa1650568608e8badd080972738ca149bd82833d4957d681e642323d3c8850c6

    • Glupteba

      Glupteba is a modular loader written in Go that drops and runs additional components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Reads the Uninstall key entries in the registry to enumerate the software installed on the system.

    • Manipulates WinMonFS driver

      Rootkits write to the WinMonFS driver to hide files and directories from detection.

    • Drops file in System32 directory
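
    The "UPX packed file" signature above is decided from the PE section table. What follows is an added example, not the sandbox's own detection code and not code from this sample: it parses the section table with Python's standard library and flags both the stock UPX0/UPX1 section names and the layout a modified UPX leaves behind when its sections are renamed (an empty first section with a large virtual size, followed by a read/write/execute section that carries almost the whole file). The PE images it checks are constructed inside the block by build_sample, so it runs offline; the 0.8 size ratio and the RWX test are heuristics chosen for this example, not taken from the report.

```python
"""Flag UPX-style packing from PE section headers (added example)."""
import struct

PE_SIGNATURE = b"PE\0\0"
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
SECTION_HEADER = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
RWX = 0xE0000000                   # IMAGE_SCN_MEM_EXECUTE | MEM_READ | MEM_WRITE


def parse_sections(data):
    """Return the section table of a PE image as a list of dicts."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    if coff + 20 > len(data):
        raise ValueError("truncated COFF header")
    # IMAGE_FILE_HEADER: NumberOfSections at +2, SizeOfOptionalHeader at +16
    num_sections, opt_size = struct.unpack_from("<2xH12xH2x", data, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        (name, vsize, vaddr, raw_size, raw_ptr,
         _relocs, _lines, _nrelocs, _nlines, chars) = struct.unpack_from(SECTION_HEADER, data, off)
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": raw_size,
                         "raw_ptr": raw_ptr, "characteristics": chars})
    return sections


def upx_indicators(data):
    """Return the UPX indicators found: section names and/or packer layout."""
    sections = parse_sections(data)
    hits = []
    if {s["name"] for s in sections} & UPX_SECTION_NAMES:
        hits.append("upx_section_names")
    # Layout heuristic (survives renamed sections in a modified UPX build):
    # the first section is an empty placeholder for the unpacked image and
    # the second, RWX, section holds nearly the entire file on disk.
    if len(sections) >= 2:
        first, second = sections[0], sections[1]
        placeholder = first["raw_size"] == 0 and first["virtual_size"] > 0
        carries_file = second["raw_size"] >= 0.8 * len(data)   # ratio is an assumption
        rwx = (second["characteristics"] & RWX) == RWX
        if placeholder and carries_file and rwx:
            hits.append("upx_layout")
    return hits


def build_sample(names, packed_layout=True, payload_size=0x1000):
    """Construct a minimal two-section PE image for testing (not a real binary)."""
    headers_size, opt_size = 0x200, 0xE0
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = bytes(opt_size)                                # optional header, not parsed here
    if packed_layout:
        sec0 = struct.pack(SECTION_HEADER, names[0], 0x10000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
        sec1 = struct.pack(SECTION_HEADER, names[1], payload_size, 0x11000, payload_size,
                           headers_size, 0, 0, 0, 0, 0xE0000040)
    else:
        half = payload_size // 2
        sec0 = struct.pack(SECTION_HEADER, names[0], half, 0x1000, half, headers_size,
                           0, 0, 0, 0, 0x60000020)
        sec1 = struct.pack(SECTION_HEADER, names[1], half, 0x2000, half, headers_size + half,
                           0, 0, 0, 0, 0xC0000040)
    header = (bytes(dos) + PE_SIGNATURE + coff + opt + sec0 + sec1).ljust(headers_size, b"\0")
    return header + b"\xAB" * payload_size


if __name__ == "__main__":
    for label, image in (("stock UPX", build_sample((b"UPX0", b"UPX1"))),
                         ("renamed UPX", build_sample((b".text0", b".text1"))),
                         ("unpacked", build_sample((b".text", b".data"), packed_layout=False))):
        print(f"{label:12s} {upx_indicators(image)}")
```

    Run on a real file with upx_indicators(open(path, "rb").read()). A hit on upx_layout without upx_section_names is the case the signature text calls "modified UPX"; confirm it by checking whether upx -d refuses the file, since a renamed-section build usually breaks the stock unpacker.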

MITRE ATT&CK Enterprise v15

Tasks