glupteba | 049cc753197b88d01b46fb3b7020dc0dc0a76dfe305fc02173b83299e929291f | Triage

Submit
Reports

Overview

overview

Static

static

049cc75319...1f.exe

windows7_x64

049cc75319...1f.exe

windows10-2004_x64

Sharing

General

Target

049cc753197b88d01b46fb3b7020dc0dc0a76dfe305fc02173b83299e929291f
Size

3.9MB
Sample

220509-ayd85sefck
MD5

c59c45733ce1353f991b514d7727675d
SHA1

a171401188c2db26864d9698df799d1e09afe2aa
SHA256

049cc753197b88d01b46fb3b7020dc0dc0a76dfe305fc02173b83299e929291f
SHA512

d6f8da3759e884a5a32255a0ceae0d4da7352a7449389ff2a8e103f062263c756898f3c807d699478ab73e67037340e6ad584a53bacf12885ae0adba0bb3e0fd

Score

10^/10

glupteba dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

049cc753197b88d01b46fb3b7020dc0dc0a76dfe305fc02173b83299e929291f.exe

Resource

win7-20220414-en

glupteba dropper evasion loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

049cc753197b88d01b46fb3b7020dc0dc0a76dfe305fc02173b83299e929291f.exe

Resource

win10v2004-20220414-en

glupteba dropper evasion loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  049cc753197b88d01b46fb3b7020dc0dc0a76dfe305fc02173b83299e929291f
- Size
  
  3.9MB
- MD5
  
  c59c45733ce1353f991b514d7727675d
- SHA1
  
  a171401188c2db26864d9698df799d1e09afe2aa
- SHA256
  
  049cc753197b88d01b46fb3b7020dc0dc0a76dfe305fc02173b83299e929291f
- SHA512
  
  d6f8da3759e884a5a32255a0ceae0d4da7352a7449389ff2a8e103f062263c756898f3c807d699478ab73e67037340e6ad584a53bacf12885ae0adba0bb3e0fd
Score

10^/10

glupteba dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Modifies boot configuration data using bcdedit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloader

behavioral2

gluptebadropperevasionloaderpersistence

© 2018-2024

Terms | Privacy