Description
Glupteba is a modular loader written in Golang with various components.
2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579
General
Target
Size
Sample
2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579
5MB
220521-m25lqache8
Score
10 /10
MD5
SHA1
SHA256
SHA512
27d671e5478cb71030023d80834f713f
00599520f60ced4ad5d5985b6866c16752a30e82
2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579
ee0aa0b0e8b111eec375dbb380b71dd9b27b256d8b703f8536059c475abf4c41e895a484c4c7ef780d60247b9cc9c864215040febcaac325371a145109a9f8fd
Malware Config
Targets
Target
MD5
Filesize
2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579
27d671e5478cb71030023d80834f713f
5MB
Score
10/10
SHA1
SHA256
SHA512
00599520f60ced4ad5d5985b6866c16752a30e82
2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579
ee0aa0b0e8b111eec375dbb380b71dd9b27b256d8b703f8536059c475abf4c41e895a484c4c7ef780d60247b9cc9c864215040febcaac325371a145109a9f8fd
Tags
Signatures
-
Glupteba
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Windows security bypass
Tags
TTPs
-
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
Description
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
Tags
-
Executes dropped EXE
-
Modifies Windows Firewall
Tags
TTPs
-
Loads dropped DLL
-
Windows security modification
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
-
Drops file in System32 directory
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation
Tasks