General

  • Target

    9ce41f1c87a25cb233bc2be809aa568c46eed6d770c5a0f9fa07d6617b624b04

  • Size

    4.1MB

  • Sample

    240517-feqeyshh7v

  • MD5

    cc5e1a2bfe21b0deb91a8d4dd06e09dd

  • SHA1

    72fcbc48446d2cc9dd3a5554f3852ba1600f2ae6

  • SHA256

    9ce41f1c87a25cb233bc2be809aa568c46eed6d770c5a0f9fa07d6617b624b04

  • SHA512

    c7dcac574d402b95dd439244ba5d36453bf25e501bbfe2da9c48dc37a7f58c04a21a7cd287eb5413bf08f86e532b43ff31643f3dedcf81cb79069b29aefa392a

  • SSDEEP

    98304:mNO3yy04ogde7ep0A2AdPyQGNgd0+V4CCH3iZ/qkVniougG1T:AOA8mA0A2AFyQ3d0+aD4qkVni5T

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks