glupteba | 951925a7994f5898e54b17a1237db32e9ab7cc715555707db2350752ebcbaebf | Triage

Submit
Reports

Overview

overview

Static

static

951925a799...bf.exe

windows7_x64

951925a799...bf.exe

windows10-2004_x64

Sharing

General

Target

951925a7994f5898e54b17a1237db32e9ab7cc715555707db2350752ebcbaebf
Size

3.9MB
Sample

220509-axk1asefaq
MD5

0dabcde31fa74e5d6d5af213b00e2bff
SHA1

7e6e90e29ba33795317bc17c1b7ad50617c5fa87
SHA256

951925a7994f5898e54b17a1237db32e9ab7cc715555707db2350752ebcbaebf
SHA512

7af2ddd6857ff1e6fddfe76a10307a9f51bf5ce42b1e19dbc102a6016fa66feebb5acfcb5257e046566683fa23e52604dc9a452a82423e48e43ff291876f0c37

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

951925a7994f5898e54b17a1237db32e9ab7cc715555707db2350752ebcbaebf.exe

Resource

win7-20220414-en

glupteba dropper evasion loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

951925a7994f5898e54b17a1237db32e9ab7cc715555707db2350752ebcbaebf.exe

Resource

win10v2004-20220414-en

glupteba discovery dropper evasion loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  951925a7994f5898e54b17a1237db32e9ab7cc715555707db2350752ebcbaebf
- Size
  
  3.9MB
- MD5
  
  0dabcde31fa74e5d6d5af213b00e2bff
- SHA1
  
  7e6e90e29ba33795317bc17c1b7ad50617c5fa87
- SHA256
  
  951925a7994f5898e54b17a1237db32e9ab7cc715555707db2350752ebcbaebf
- SHA512
  
  7af2ddd6857ff1e6fddfe76a10307a9f51bf5ce42b1e19dbc102a6016fa66feebb5acfcb5257e046566683fa23e52604dc9a452a82423e48e43ff291876f0c37
Score

10^/10

glupteba dropper evasion loader discovery persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloader

behavioral2

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy