glupteba | 3c1ad5e16b7bcd6de12003bd6d7c2c94e47b1819dda35992beaad1dce5322b23 | Triage

Submit
Reports

Overview

overview

Static

static

how_to_tam...UA.exe

windows7_x64

how_to_tam...UA.exe

windows10_x64

how_to_tam...UA.exe

windows10-2004_x64

Sharing

General

Target

how_to_tame_a_wild_tongue_metaphor-RTMD-AH-RtF-GMAAAFzsCAEdCGQAmAGbBP4UA.bin.zip
Size

3.7MB
Sample

220516-j25d6sacgn
MD5

5267d1c06a8ce7d309bc03deda8f4e0c
SHA1

30c6861b776356456a635119fc9817a708b639db
SHA256

3c1ad5e16b7bcd6de12003bd6d7c2c94e47b1819dda35992beaad1dce5322b23
SHA512

5975f9561297506aec01c669252611b216d5526c5b50889ee7c768982ac89b6291e75148de12251aee94d899fb99bd2f5998472e18844442588629b10351bf6d

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

how_to_tame_a_wild_tongue_metaphor-RTMD-AH-RtF-GMAAAFzsCAEdCGQAmAGbBP4UA.exe

Resource

win7-20220414-en

glupteba discovery dropper evasion loader persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

how_to_tame_a_wild_tongue_metaphor-RTMD-AH-RtF-GMAAAFzsCAEdCGQAmAGbBP4UA.exe

Resource

win10-20220414-en

glupteba discovery dropper evasion loader persistence trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

how_to_tame_a_wild_tongue_metaphor-RTMD-AH-RtF-GMAAAFzsCAEdCGQAmAGbBP4UA.exe

Resource

win10v2004-20220414-en

glupteba discovery dropper evasion loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  how_to_tame_a_wild_tongue_metaphor-RTMD-AH-RtF-GMAAAFzsCAEdCGQAmAGbBP4UA.bin
- Size
  
  3.7MB
- MD5
  
  81703610976f32d1c1f091cf3c9d672e
- SHA1
  
  16c099c944685a8e597aef71ff1c78bdf190a0c4
- SHA256
  
  7ebcfa350728f258d2df454a58ef1866c5ec430b575fd239518af3ec92c29984
- SHA512
  
  818ed03701aaf1869172fd7be84cb4fd9380d9be6e7aa13b4cd65a68330bb8ff741623504672f056afb5d7881c73eb3d2ea31b52c953128fead19af7428c2e57
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Impair Defenses

Install Root Certificate

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

behavioral2

gluptebadiscoverydropperevasionloaderpersistencetrojan

behavioral3

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy