General

  • Target

    89af5bbf64eb2506c1a20e883912d560ca51c10369e22629b9a89e60e1c4e7f1

  • Size

    4.1MB

  • Sample

    240517-qa9cdaad48

  • MD5

    9d5fe265466ca046380943ee174943c6

  • SHA1

    590ea483ca98c5cba23c7bd35a7e09350c09c1f7

  • SHA256

    89af5bbf64eb2506c1a20e883912d560ca51c10369e22629b9a89e60e1c4e7f1

  • SHA512

    9d12bc52e5bfc267e13e36c877d76d2e5ad2b6291d5bfe7aa8038e9bf0ddf01a83700ba56f290e596781cb55e7d95631074df98101ddb8f57d2993b5f2e4838a

  • SSDEEP

    98304:PhzlfCz+ccJ0CpUiRHjJlGcG1klIkRd3fLKEvx:5z9CiccJ0CpfGcGG1DfLP

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from detection.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks