glupteba | 8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b | Triage

Submit
Reports

Overview

overview

Static

static

8f90e7b534...4b.exe

windows7_x64

8f90e7b534...4b.exe

windows10-2004_x64

Sharing

General

Target

8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b
Size

3.5MB
Sample

220520-ez2s2sceep
MD5

5635e26c47223e47e3a87856d2e004b5
SHA1

4bcb817e4479f2c78c068c6163bf2ea70283be96
SHA256

8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b
SHA512

fbd79a001807a2853c753219d2ac33f1e86c73cff2ad88e9320b6b4d03a40252d3db327b6a94e3e09102677f01a94d0b6fd32e3182ed0ec15d85e9398f3b8e4e

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b.exe

Resource

win7-20220414-en

glupteba discovery dropper evasion loader persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b.exe

Resource

win10v2004-20220414-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b
- Size
  
  3.5MB
- MD5
  
  5635e26c47223e47e3a87856d2e004b5
- SHA1
  
  4bcb817e4479f2c78c068c6163bf2ea70283be96
- SHA256
  
  8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b
- SHA512
  
  fbd79a001807a2853c753219d2ac33f1e86c73cff2ad88e9320b6b4d03a40252d3db327b6a94e3e09102677f01a94d0b6fd32e3182ed0ec15d85e9398f3b8e4e
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Modifies boot configuration data using bcdedit
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

behavioral2

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy