Description
Glupteba is a modular loader written in Golang with various components.
General
Target
Size
Sample
025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c
3MB
220524-dsdbfadgd7
Score
10/10
MD5
SHA1
SHA256
SHA512
e2bcfb552fd8fdb88da751306f4bea2a
b99331f2858f7ee67ea907419c0769fe2279b672
025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c
31746515c1278da7a61e6d3a189eb42415265d6d5b364773bd3abd6284d5d7782792c1a357c20e18aca1820db17ea160eec9fa406c2f1019c322de390f262767
Malware Config
Targets
Target
MD5
Filesize
025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c
e2bcfb552fd8fdb88da751306f4bea2a
3MB
Score
10/10
SHA1
SHA256
SHA512
b99331f2858f7ee67ea907419c0769fe2279b672
025f3da46d16a6a0179a27b0f26d082e29358254a22e6af887b03106e9e9048c
31746515c1278da7a61e6d3a189eb42415265d6d5b364773bd3abd6284d5d7782792c1a357c20e18aca1820db17ea160eec9fa406c2f1019c322de390f262767
Tags
Signatures
-
Glupteba
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Windows security bypass
Tags
TTPs
-
Executes dropped EXE
-
Modifies Windows Firewall
Tags
TTPs
-
Loads dropped DLL
-
Windows security modification
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10