glupteba | 32ffd8afdab0aa8813b29251b39f3d010e4a1d2d1eca19e9b8825190ea3c4d1b | Triage

Submit
Reports

Overview

overview

Static

static

32ffd8afda...1b.exe

windows7_x64

32ffd8afda...1b.exe

windows10-2004_x64

Sharing

General

Target

32ffd8afdab0aa8813b29251b39f3d010e4a1d2d1eca19e9b8825190ea3c4d1b
Size

3.9MB
Sample

220509-ax6xrsbge9
MD5

5f844e9f04b1f6265b891f1a9144c6b4
SHA1

6e31e59c7e911959886c89c0303ca6c79e96bafa
SHA256

32ffd8afdab0aa8813b29251b39f3d010e4a1d2d1eca19e9b8825190ea3c4d1b
SHA512

e91a06316617dbcf74cc2c80ba66d8655b34e53390b56b4275b9db1295fa855a1a9b8d5c46c0b19d7d45eb5ce656c8d38c690cfee3db1009a1a4d8ec4ed2c878

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

32ffd8afdab0aa8813b29251b39f3d010e4a1d2d1eca19e9b8825190ea3c4d1b.exe

Resource

win7-20220414-en

glupteba dropper evasion loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

32ffd8afdab0aa8813b29251b39f3d010e4a1d2d1eca19e9b8825190ea3c4d1b.exe

Resource

win10v2004-20220414-en

glupteba discovery dropper evasion loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  32ffd8afdab0aa8813b29251b39f3d010e4a1d2d1eca19e9b8825190ea3c4d1b
- Size
  
  3.9MB
- MD5
  
  5f844e9f04b1f6265b891f1a9144c6b4
- SHA1
  
  6e31e59c7e911959886c89c0303ca6c79e96bafa
- SHA256
  
  32ffd8afdab0aa8813b29251b39f3d010e4a1d2d1eca19e9b8825190ea3c4d1b
- SHA512
  
  e91a06316617dbcf74cc2c80ba66d8655b34e53390b56b4275b9db1295fa855a1a9b8d5c46c0b19d7d45eb5ce656c8d38c690cfee3db1009a1a4d8ec4ed2c878
Score

10^/10

glupteba dropper evasion loader discovery persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloader

behavioral2

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy