General

  • Target

    9a7076cd8a7525f2c09f27d4bbf18f271de08e50ea7ff9803dab5087f4fef60c

  • Size

    4.1MB

  • Sample

    240517-qd3n1aac4y

  • MD5

    404152452f49adaff5259a65028794d1

  • SHA1

    bbb3bd703dc0e176ddde8ee2874029e89387a81d

  • SHA256

    9a7076cd8a7525f2c09f27d4bbf18f271de08e50ea7ff9803dab5087f4fef60c

  • SHA512

    63a8604171c5afa03f9eabf26f389f0a2d50962935911175831c5a060783ac563cb2f9aab0961f72e9b3126bc6f5f94aba93fd55da198fa54bd3b8c71b701f1d

  • SSDEEP

    98304:/hzlfCz+ccJ0CpUiRHjJlGcG1klIkRd3fLKEvm:Jz9CiccJ0CpfGcGG1DfLI

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15