glupteba | 3a9047e8ecfff014c2a32954d3b88e84f92f2655c21de6c8808240ff88afc696 | Triage

Submit
Reports

Overview

overview

Static

static

3a9047e8ec...96.exe

windows7_x64

3a9047e8ec...96.exe

windows10-2004_x64

Sharing

General

Target

3a9047e8ecfff014c2a32954d3b88e84f92f2655c21de6c8808240ff88afc696
Size

3.9MB
Sample

220625-dh81csdhf9
MD5

a304fcc7873a037dbaa4750a2708b886
SHA1

527abe28f3bf912694ba2c73c496783faf306fc8
SHA256

3a9047e8ecfff014c2a32954d3b88e84f92f2655c21de6c8808240ff88afc696
SHA512

85e6bf852732c47bf5de9720742d14ca768a9e79494929153c61d806fc0730b2bfb23a62a84125e9951574830460f504d7631bad5aa5bec243d2428d3b2031bd

Score

10^/10

glupteba metasploit backdoor discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

3a9047e8ecfff014c2a32954d3b88e84f92f2655c21de6c8808240ff88afc696.exe

Resource

win7-20220414-en

glupteba metasploit backdoor discovery dropper evasion loader persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3a9047e8ecfff014c2a32954d3b88e84f92f2655c21de6c8808240ff88afc696.exe

Resource

win10v2004-20220414-en

glupteba metasploit backdoor discovery dropper evasion loader persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

- Target
  
  3a9047e8ecfff014c2a32954d3b88e84f92f2655c21de6c8808240ff88afc696
- Size
  
  3.9MB
- MD5
  
  a304fcc7873a037dbaa4750a2708b886
- SHA1
  
  527abe28f3bf912694ba2c73c496783faf306fc8
- SHA256
  
  3a9047e8ecfff014c2a32954d3b88e84f92f2655c21de6c8808240ff88afc696
- SHA512
  
  85e6bf852732c47bf5de9720742d14ca768a9e79494929153c61d806fc0730b2bfb23a62a84125e9951574830460f504d7631bad5aa5bec243d2428d3b2031bd
Score

10^/10

glupteba metasploit backdoor discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba Payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Modifies boot configuration data using bcdedit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

gluptebametasploitbackdoordiscoverydropperevasionloaderpersistencetrojan

behavioral2

gluptebametasploitbackdoordiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy