Overview

overview

10

Static

static

60f2866850...5f.exe

windows7_x64

10

60f2866850...5f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    60f28668503e2321f14a4648cd0f06dd8b4854ffea8c4c642a76db763936ac5f

  • Size

    3.8MB

  • Sample

    220524-1eba9acfer

  • MD5

    79b40e7d866110b9624906e63bf87456

  • SHA1

    be098dd1ca4465bf415423f5887508e2198fb078

  • SHA256

    60f28668503e2321f14a4648cd0f06dd8b4854ffea8c4c642a76db763936ac5f

  • SHA512

    366e5c896cbbbd0a5a40fee53dc102cac67f5a65dcb0309d5d2501d3487a46edadad034a4765fc7370eec61faeefecd8dfb5f187ad5e1c921a1153438f4a662a

Score
10/10
gluptebadropperevasionloader

Malware Config

Targets

    • Target

      60f28668503e2321f14a4648cd0f06dd8b4854ffea8c4c642a76db763936ac5f

    • Size

      3.8MB

    • MD5

      79b40e7d866110b9624906e63bf87456

    • SHA1

      be098dd1ca4465bf415423f5887508e2198fb078

    • SHA256

      60f28668503e2321f14a4648cd0f06dd8b4854ffea8c4c642a76db763936ac5f

    • SHA512

      366e5c896cbbbd0a5a40fee53dc102cac67f5a65dcb0309d5d2501d3487a46edadad034a4765fc7370eec61faeefecd8dfb5f187ad5e1c921a1153438f4a662a

    Score
    10/10
    gluptebadropperevasionloader

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba Payload

    • Modifies Windows Firewall

      evasion

    • Modifies boot configuration data using bcdedit

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks