glupteba | 2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579 | Triage

Submit
Reports

Overview

overview

Static

static

2a9a76e1cd...79.exe

windows7_x64

2a9a76e1cd...79.exe

windows10-2004_x64

Sharing

General

Target

2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579
Size

5.0MB
Sample

220521-m25lqache8
MD5

27d671e5478cb71030023d80834f713f
SHA1

00599520f60ced4ad5d5985b6866c16752a30e82
SHA256

2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579
SHA512

ee0aa0b0e8b111eec375dbb380b71dd9b27b256d8b703f8536059c475abf4c41e895a484c4c7ef780d60247b9cc9c864215040febcaac325371a145109a9f8fd

Score

10^/10

glupteba dropper evasion loader persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579.exe

Resource

win7-20220414-en

glupteba dropper evasion loader persistence suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579.exe

Resource

win10v2004-20220414-en

glupteba dropper evasion loader persistence suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579
- Size
  
  5.0MB
- MD5
  
  27d671e5478cb71030023d80834f713f
- SHA1
  
  00599520f60ced4ad5d5985b6866c16752a30e82
- SHA256
  
  2a9a76e1cd24b7d30675ea936137f7b159424e318a9bc086f466ead4ee6ae579
- SHA512
  
  ee0aa0b0e8b111eec375dbb380b71dd9b27b256d8b703f8536059c475abf4c41e895a484c4c7ef780d60247b9cc9c864215040febcaac325371a145109a9f8fd
Score

10^/10

glupteba dropper evasion loader persistence suricata trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
  suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistencesuricatatrojan

behavioral2

gluptebadropperevasionloaderpersistencesuricata

© 2018-2024

Terms | Privacy