General

  • Target

    8ced9e7c189c6f777afc030b22307ecc7e8ca4795b183b33b3551000a93e6519

  • Size

    4.1MB

  • Sample

    240517-pt42bshe2y

  • MD5

    78a7bc393dc719e6856df16f6fd1b0b8

  • SHA1

    a7ae9ab2b5ea523f62f87c2401f4c07a2df93a0b

  • SHA256

    8ced9e7c189c6f777afc030b22307ecc7e8ca4795b183b33b3551000a93e6519

  • SHA512

    f5d788b9e77536ddecf4710af1df42ee9aabb145a49cf34c48f57f4a5e4b8ede8c64b292eac07abdb4fea06226e0021c46850ea2c56c09c0ac2398b3cd1a1abd

  • SSDEEP

    98304:0d7tSzSG1TEQyj2soCVZzfOSLUhtCaFAX/iUIATxmmpvA2aCdQuFREnErA:mRMSLQaVNfPUP9FaqUIATxXaCdFFREnB

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks