Description
Glupteba is a modular loader written in Golang with various components.
51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744
General
Target
Size
Sample
51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744
3MB
220521-b4n6zagaen
Score
10 /10
MD5
SHA1
SHA256
SHA512
0d5405d0c31b0b5179c2d1623e7c3ac1
bd9135dd36e3ea7ee7e6711db7cbf3c68db65fdc
51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744
0da93164a3619a52d8f9c82de2d7697cc490e775787bfc22963852fa27edc7b93d0a09d2b154783c175f00a8247f0cbcbd6f69f1bc71b52a7a8a67915192def2
Malware Config
Targets
Target
MD5
Filesize
51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744
0d5405d0c31b0b5179c2d1623e7c3ac1
3MB
Score
10/10
SHA1
SHA256
SHA512
bd9135dd36e3ea7ee7e6711db7cbf3c68db65fdc
51baa76cb69b58bb9c5d89dd0d410fb9e1ab18d763f85a94973786309a6b9744
0da93164a3619a52d8f9c82de2d7697cc490e775787bfc22963852fa27edc7b93d0a09d2b154783c175f00a8247f0cbcbd6f69f1bc71b52a7a8a67915192def2
Tags
Signatures
-
Glupteba
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Windows security bypass
Tags
TTPs
-
Executes dropped EXE
-
Modifies Windows Firewall
Tags
TTPs
-
Loads dropped DLL
-
Windows security modification
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation
Tasks