Overview

overview

10

Static

static

bc77caa3e0...25.exe

windows7_x64

10

bc77caa3e0...25.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bc77caa3e01cbc4d7531395b4952118141c3c153c5f485938ca8d887e35f5925

  • Size

    3.8MB

  • Sample

    220524-1hkdbsghg7

  • MD5

    5878137f1eb2f202c06e50c62b22f01d

  • SHA1

    49ec2f567d452ab530b44f2c0c85330f51d5508b

  • SHA256

    bc77caa3e01cbc4d7531395b4952118141c3c153c5f485938ca8d887e35f5925

  • SHA512

    4e6fdae5f5dcc59a218cf889c170fcb3ed0728f02d9537fdcb782f9240a6870d30fff4d5e45cef94d4ddeb08ef3973ba4177d368b4083c1ed43c5e6db3283a01

Score
10/10
gluptebadropperevasionloader

Malware Config

Targets

    • Target

      bc77caa3e01cbc4d7531395b4952118141c3c153c5f485938ca8d887e35f5925

    • Size

      3.8MB

    • MD5

      5878137f1eb2f202c06e50c62b22f01d

    • SHA1

      49ec2f567d452ab530b44f2c0c85330f51d5508b

    • SHA256

      bc77caa3e01cbc4d7531395b4952118141c3c153c5f485938ca8d887e35f5925

    • SHA512

      4e6fdae5f5dcc59a218cf889c170fcb3ed0728f02d9537fdcb782f9240a6870d30fff4d5e45cef94d4ddeb08ef3973ba4177d368b4083c1ed43c5e6db3283a01

    Score
    10/10
    gluptebadropperevasionloader

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba Payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies Windows Firewall

      evasion

    • Modifies boot configuration data using bcdedit

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks