Description
Glupteba is a modular loader written in Golang with various components.
9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8
General
Target
Size
Sample
9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8
3MB
220521-a1yessebbk
Score
10 /10
MD5
SHA1
SHA256
SHA512
1a1bc06765f3db1c9552b0aea6a59145
97ae8124b82fa55ce3a41d6f226817caf5eabc11
9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8
edb396aefe69d9bc4b3179b6e7b6e8052ae4a356d88486d88a93721c255debcc3611b6dd00c706381e9dcdfa883936554efb3f733d2bd67b100da51b771a49af
Malware Config
Targets
Target
MD5
Filesize
9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8
1a1bc06765f3db1c9552b0aea6a59145
3MB
Score
10/10
SHA1
SHA256
SHA512
97ae8124b82fa55ce3a41d6f226817caf5eabc11
9d5c364e8745f796a5875e52b5e2a33ee1fb882d833442251d5e283573af38a8
edb396aefe69d9bc4b3179b6e7b6e8052ae4a356d88486d88a93721c255debcc3611b6dd00c706381e9dcdfa883936554efb3f733d2bd67b100da51b771a49af
Tags
Signatures
-
Glupteba
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Windows security bypass
Tags
TTPs
-
Executes dropped EXE
-
Modifies Windows Firewall
Tags
TTPs
-
Loads dropped DLL
-
Windows security modification
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
-
Modifies boot configuration data using bcdedit
-
Drops file in System32 directory
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation
Tasks