General

  • Target

    2bf82e02de3c965d4e3c392a940988f4367fbce6f95dbf945d9878c425f24cb5

  • Size

    4.1MB

  • Sample

    240517-fdwwcaaa97

  • MD5

    620cabf73473d3cec9e5454197b92cd1

  • SHA1

    dde5c6707783c7cacb13b813281742858019e913

  • SHA256

    2bf82e02de3c965d4e3c392a940988f4367fbce6f95dbf945d9878c425f24cb5

  • SHA512

    e2e78d9a8cf49bd2af1868a738353beb41f50618b5f676b142a7e58c44d1521db6d86711ab4daebd56edfe27497c52da5ab942c5b622c0dce637ca534f4d861c

  • SSDEEP

    98304:uNO3yy04ogde7ep0A2AdPyQGNgd0+V4CCH3iZ/qkVniougG15:4OA8mA0A2AFyQ3d0+aD4qkVni55

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks