Description
Glupteba is a modular loader written in Golang with various components.
General
Target
Size
Sample
cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e
3MB
220524-qxfctacgg7
Score
10/10
MD5
SHA1
SHA256
SHA512
720a612077a422109df3c8945e088308
14ae2f30c62b716dc97c58d3dfc7954143f950d7
cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e
83e6e64774e7d878d6badabc7222861c45fe0651368475211d4a392091874a5d3d40bcc0532b2e7c99e28e48f64a3dd1d5393603574e3d318c9a55099219088b
Malware Config
Targets
Target
MD5
Filesize
cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e
720a612077a422109df3c8945e088308
3MB
Score
10/10
SHA1
SHA256
SHA512
14ae2f30c62b716dc97c58d3dfc7954143f950d7
cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e
83e6e64774e7d878d6badabc7222861c45fe0651368475211d4a392091874a5d3d40bcc0532b2e7c99e28e48f64a3dd1d5393603574e3d318c9a55099219088b
Tags
Signatures
-
Glupteba
-
Glupteba Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
Description
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
Tags
-
Executes dropped EXE
-
Modifies Windows Firewall
Tags
TTPs
-
Adds Run key to start application
Tags
TTPs
-
Drops file in System32 directory
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10