Description
Glupteba is a modular loader written in Golang with various components.
8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b
General
Target
Size
Sample
8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b
3MB
220520-ez2s2sceep
Score
10 /10
MD5
SHA1
SHA256
SHA512
5635e26c47223e47e3a87856d2e004b5
4bcb817e4479f2c78c068c6163bf2ea70283be96
8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b
fbd79a001807a2853c753219d2ac33f1e86c73cff2ad88e9320b6b4d03a40252d3db327b6a94e3e09102677f01a94d0b6fd32e3182ed0ec15d85e9398f3b8e4e
Malware Config
Targets
Target
MD5
Filesize
8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b
5635e26c47223e47e3a87856d2e004b5
3MB
Score
10/10
SHA1
SHA256
SHA512
4bcb817e4479f2c78c068c6163bf2ea70283be96
8f90e7b534454367aa000d1f2b3d9345045904dea5935d950696c5cad170384b
fbd79a001807a2853c753219d2ac33f1e86c73cff2ad88e9320b6b4d03a40252d3db327b6a94e3e09102677f01a94d0b6fd32e3182ed0ec15d85e9398f3b8e4e
Tags
Signatures
-
Glupteba
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Windows security bypass
Tags
TTPs
-
Executes dropped EXE
-
Modifies Windows Firewall
Tags
TTPs
-
UPX packed file
Description
Detects executables packed with UPX/modified UPX open source packer.
Tags
-
Loads dropped DLL
-
Windows security modification
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
-
Modifies boot configuration data using bcdedit
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation
Tasks