General

  • Target

    c2613072d2d0a8c8ffb4cd303d19114d3317bd847c084f7fc75174430715eee0

  • Size

    4.1MB

  • Sample

    240517-fetsdahh7x

  • MD5

    797207306238ce5ade3460ebbfb8a245

  • SHA1

    da0a90a2360eb027a7b15f0a40304f7297cd3048

  • SHA256

    c2613072d2d0a8c8ffb4cd303d19114d3317bd847c084f7fc75174430715eee0

  • SHA512

    3abe0a4c10eb811c3ae339f80bc6120d0cba4645a0a6e84119772aafb4dd478b3046ad76cab86294fd59992d40a7848e61d97790dc51dd5110d8549be6248ab7

  • SSDEEP

    98304:mNO3yy04ogde7ep0A2AdPyQGNgd0+V4CCH3iZ/qkVniougG1b:AOA8mA0A2AFyQ3d0+aD4qkVni5b

Malware Config

Targets

    • Target

      c2613072d2d0a8c8ffb4cd303d19114d3317bd847c084f7fc75174430715eee0

    • Size

      4.1MB

    • MD5

      797207306238ce5ade3460ebbfb8a245

    • SHA1

      da0a90a2360eb027a7b15f0a40304f7297cd3048

    • SHA256

      c2613072d2d0a8c8ffb4cd303d19114d3317bd847c084f7fc75174430715eee0

    • SHA512

      3abe0a4c10eb811c3ae339f80bc6120d0cba4645a0a6e84119772aafb4dd478b3046ad76cab86294fd59992d40a7848e61d97790dc51dd5110d8549be6248ab7

    • SSDEEP

      98304:mNO3yy04ogde7ep0A2AdPyQGNgd0+V4CCH3iZ/qkVniougG1b:AOA8mA0A2AFyQ3d0+aD4qkVni5b

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks