glupteba | 97f78f4fab3ab36c3689737fcfed22f1bd31828c4c7182a5818c711dd03459ae | Triage

Submit
Reports

Overview

overview

Static

static

97f78f4fab...ae.exe

windows7_x64

97f78f4fab...ae.exe

windows10-2004_x64

Sharing

General

Target

97f78f4fab3ab36c3689737fcfed22f1bd31828c4c7182a5818c711dd03459ae
Size

3.6MB
Sample

220520-d1dxyaaebl
MD5

3a18cda9306b2d2c4dd1370b83542e04
SHA1

347d2a94170761858d16355e271b01f0eba5b29a
SHA256

97f78f4fab3ab36c3689737fcfed22f1bd31828c4c7182a5818c711dd03459ae
SHA512

19c943e53eb7a01cb3416bd17c8073c89dfb2064a77ef89755ad59635bd3172f4b08f4de65e45570a92337555d6677530cbbb2f9dd28490e8baf4e5fc38a3dbf

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

97f78f4fab3ab36c3689737fcfed22f1bd31828c4c7182a5818c711dd03459ae.exe

Resource

win7-20220414-en

glupteba discovery dropper evasion loader persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

97f78f4fab3ab36c3689737fcfed22f1bd31828c4c7182a5818c711dd03459ae.exe

Resource

win10v2004-20220414-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  97f78f4fab3ab36c3689737fcfed22f1bd31828c4c7182a5818c711dd03459ae
- Size
  
  3.6MB
- MD5
  
  3a18cda9306b2d2c4dd1370b83542e04
- SHA1
  
  347d2a94170761858d16355e271b01f0eba5b29a
- SHA256
  
  97f78f4fab3ab36c3689737fcfed22f1bd31828c4c7182a5818c711dd03459ae
- SHA512
  
  19c943e53eb7a01cb3416bd17c8073c89dfb2064a77ef89755ad59635bd3172f4b08f4de65e45570a92337555d6677530cbbb2f9dd28490e8baf4e5fc38a3dbf
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Modifies boot configuration data using bcdedit
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

behavioral2

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy