Overview

overview

10

Static

static

05c0b1d16e...34.exe

windows7_x64

10

05c0b1d16e...34.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    05c0b1d16ecac689c56bfeaf2bbe93eb374021c9358f6b50f3e52f21912ff934

  • Size

    3.8MB

  • Sample

    220509-aydbvabgf5

  • MD5

    b3b4f5d9c8059471bbfd46fbddab3115

  • SHA1

    978481727403997db4c82de8976edd6f23f46e24

  • SHA256

    05c0b1d16ecac689c56bfeaf2bbe93eb374021c9358f6b50f3e52f21912ff934

  • SHA512

    2a026db45d029571d75e0810bf0caf7097be12bcf6664beaf76c2bc4300760db6c70849204039b0a39105f073c2fbb1101616d4a730939fbe01f63988b855c19

Score
10/10
gluptebadropperevasionloader

Malware Config

Targets

    • Target

      05c0b1d16ecac689c56bfeaf2bbe93eb374021c9358f6b50f3e52f21912ff934

    • Size

      3.8MB

    • MD5

      b3b4f5d9c8059471bbfd46fbddab3115

    • SHA1

      978481727403997db4c82de8976edd6f23f46e24

    • SHA256

      05c0b1d16ecac689c56bfeaf2bbe93eb374021c9358f6b50f3e52f21912ff934

    • SHA512

      2a026db45d029571d75e0810bf0caf7097be12bcf6664beaf76c2bc4300760db6c70849204039b0a39105f073c2fbb1101616d4a730939fbe01f63988b855c19

    Score
    10/10
    gluptebadropperevasionloader

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba Payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies Windows Firewall

      evasion

    • Modifies boot configuration data using bcdedit

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks