General

  • Target: 5f9bb56e26db9d0f8cb7894d548326823dd524f28e2bc2bb9ac77bf4d8968a93

  • Size: 3.9MB

  • Sample: 220509-axsp5sbgd9

  • MD5: 2d9954959c9b28d9fe26ac79e0fb6049

  • SHA1: 09fb85db59f081e92f5603af12794f1fb7f1918c

  • SHA256: 5f9bb56e26db9d0f8cb7894d548326823dd524f28e2bc2bb9ac77bf4d8968a93

  • SHA512: fd04cdd5de4591ba18a05e827187834b08c25e4b4f0c4c00eefd5828f2964fd0dd576deb3811d992edb9e482d8070b4bcb302a81a43a279907b23dfa1bfdc162

Malware Config

Targets

    • Target: 5f9bb56e26db9d0f8cb7894d548326823dd524f28e2bc2bb9ac77bf4d8968a93

    • Size: 3.9MB

    • MD5: 2d9954959c9b28d9fe26ac79e0fb6049

    • SHA1: 09fb85db59f081e92f5603af12794f1fb7f1918c

    • SHA256: 5f9bb56e26db9d0f8cb7894d548326823dd524f28e2bc2bb9ac77bf4d8968a93

    • SHA512: fd04cdd5de4591ba18a05e827187834b08c25e4b4f0c4c00eefd5828f2964fd0dd576deb3811d992edb9e482d8070b4bcb302a81a43a279907b23dfa1bfdc162

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba Payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies boot configuration data using bcdedit

    • Modifies Windows Firewall

    • Possible attempt to disable PatchGuard

      Rootkits can use kernel patching to embed themselves in an operating system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                 Count  ID
  Execution             Command-Line Interface    1      T1059
  Execution             Scheduled Task            1      T1053
  Persistence           Modify Existing Service   1      T1031
  Persistence           Scheduled Task            1      T1053
  Privilege Escalation  Scheduled Task            1      T1053
  Defense Evasion       Impair Defenses           1      T1562
