glupteba | 84ff14072be6079388eaa1c071824672f61737c3bf8f51e71847762dbdcf6225 | Triage

Submit
Reports

Overview

overview

Static

static

84ff14072b...25.exe

windows7_x64

84ff14072b...25.exe

windows10-2004_x64

Sharing

General

Target

84ff14072be6079388eaa1c071824672f61737c3bf8f51e71847762dbdcf6225
Size

3.9MB
Sample

220509-axn2ysbgd8
MD5

34e0782f4d580847bc0030b12ba9745a
SHA1

fb6b7efe3a9b91d15cd61819be6e2cd43681c118
SHA256

84ff14072be6079388eaa1c071824672f61737c3bf8f51e71847762dbdcf6225
SHA512

d69e8a139f707286163c7e937a29d7ec121dbdc2e94c9aa70b14b940408f272bc17731aed88b207f8096106c4882fdd7d619c459e12802eb8a6eddcf9e4ac3a9

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

84ff14072be6079388eaa1c071824672f61737c3bf8f51e71847762dbdcf6225.exe

Resource

win7-20220414-en

glupteba dropper evasion loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

84ff14072be6079388eaa1c071824672f61737c3bf8f51e71847762dbdcf6225.exe

Resource

win10v2004-20220414-en

glupteba discovery dropper evasion loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  84ff14072be6079388eaa1c071824672f61737c3bf8f51e71847762dbdcf6225
- Size
  
  3.9MB
- MD5
  
  34e0782f4d580847bc0030b12ba9745a
- SHA1
  
  fb6b7efe3a9b91d15cd61819be6e2cd43681c118
- SHA256
  
  84ff14072be6079388eaa1c071824672f61737c3bf8f51e71847762dbdcf6225
- SHA512
  
  d69e8a139f707286163c7e937a29d7ec121dbdc2e94c9aa70b14b940408f272bc17731aed88b207f8096106c4882fdd7d619c459e12802eb8a6eddcf9e4ac3a9
Score

10^/10

glupteba dropper evasion loader discovery persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Modifies boot configuration data using bcdedit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloader

behavioral2

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy