glupteba | eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4 | Triage

Submit
Reports

Overview

overview

Static

static

eeedd429ec...f4.exe

windows7_x64

eeedd429ec...f4.exe

windows10-2004_x64

Sharing

General

Target

eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4
Size

3.8MB
Sample

220524-eb317sefd4
MD5

7796324b830619a5e77bce3c52bdee71
SHA1

49e2c8e7fc979a2a6e988174c5f1c3adc3eba523
SHA256

eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4
SHA512

86c20ab791350b852d007b77fd3667f6430faabede88fb5b8b259d1a7133bb833cd6d9ca2e1f5cc72b0e02e9199bb190d86d56d8ad9976111bd980c25c1927a9

Score

10^/10

glupteba dropper evasion loader persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4.exe

Resource

win7-20220414-en

glupteba dropper evasion loader persistence suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4.exe

Resource

win10v2004-20220414-en

glupteba dropper evasion loader persistence suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4
- Size
  
  3.8MB
- MD5
  
  7796324b830619a5e77bce3c52bdee71
- SHA1
  
  49e2c8e7fc979a2a6e988174c5f1c3adc3eba523
- SHA256
  
  eeedd429ec07e57a7aca96b786584d3b4da4d71a42f2867598e2513fe17012f4
- SHA512
  
  86c20ab791350b852d007b77fd3667f6430faabede88fb5b8b259d1a7133bb833cd6d9ca2e1f5cc72b0e02e9199bb190d86d56d8ad9976111bd980c25c1927a9
Score

10^/10

glupteba dropper evasion loader persistence suricata trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
  suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistencesuricatatrojan

behavioral2

gluptebadropperevasionloaderpersistencesuricata

© 2018-2024

Terms | Privacy