glupteba | c1e5deef9648e678d11be1fae1eaef515aef1732fae137ed4361af24ac62ce3a | Triage

Submit
Reports

Overview

overview

Static

static

c1e5deef96...3a.exe

windows7_x64

c1e5deef96...3a.exe

windows10-2004_x64

Sharing

General

Target

c1e5deef9648e678d11be1fae1eaef515aef1732fae137ed4361af24ac62ce3a
Size

3.8MB
Sample

220509-aylyzsefcp
MD5

612ca23b487748d41925ab470adf454f
SHA1

931d6312114bd181bd4e6b52026b6ead4cb9fbfb
SHA256

c1e5deef9648e678d11be1fae1eaef515aef1732fae137ed4361af24ac62ce3a
SHA512

382081f428db4057e18936dd7897e0eb0968cb3c0ffe8525e3233fe68b15f744cfbbd8610c87d7380efe31a6498bae59cdca88010711c3dc02685e0d5926eef9

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

c1e5deef9648e678d11be1fae1eaef515aef1732fae137ed4361af24ac62ce3a.exe

Resource

win7-20220414-en

glupteba dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c1e5deef9648e678d11be1fae1eaef515aef1732fae137ed4361af24ac62ce3a.exe

Resource

win10v2004-20220414-en

glupteba discovery dropper evasion loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c1e5deef9648e678d11be1fae1eaef515aef1732fae137ed4361af24ac62ce3a
- Size
  
  3.8MB
- MD5
  
  612ca23b487748d41925ab470adf454f
- SHA1
  
  931d6312114bd181bd4e6b52026b6ead4cb9fbfb
- SHA256
  
  c1e5deef9648e678d11be1fae1eaef515aef1732fae137ed4361af24ac62ce3a
- SHA512
  
  382081f428db4057e18936dd7897e0eb0968cb3c0ffe8525e3233fe68b15f744cfbbd8610c87d7380efe31a6498bae59cdca88010711c3dc02685e0d5926eef9
Score

10^/10

glupteba dropper loader discovery evasion persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Modifies boot configuration data using bcdedit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperloader

behavioral2

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy