glupteba | 713030a09e78962d6f12c3924adef8d4275733e4579a60b7e985f864df49230f | Triage

Submit
Reports

Overview

overview

Static

static

8

713030a09e...0f.exe

windows7_x64

713030a09e...0f.exe

windows10-2004_x64

Sharing

General

Target

713030a09e78962d6f12c3924adef8d4275733e4579a60b7e985f864df49230f
Size

4.2MB
Sample

220708-j8xynshagj
MD5

649193ad2480b42356f8a3510b97f380
SHA1

ce91fb0c24a8bb7bb6e2c6cd17cf797a8ddd8886
SHA256

713030a09e78962d6f12c3924adef8d4275733e4579a60b7e985f864df49230f
SHA512

652e89159b685418c402937264b607f27fc509a36924813bc8f3dd426e281dd3c804092938b81039d3ab7228d21d543e4b34a7739be013e1f721d75e8bf91860

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

713030a09e78962d6f12c3924adef8d4275733e4579a60b7e985f864df49230f.exe

Resource

win7-20220414-en

glupteba discovery dropper evasion loader persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

713030a09e78962d6f12c3924adef8d4275733e4579a60b7e985f864df49230f.exe

Resource

win10v2004-20220414-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  713030a09e78962d6f12c3924adef8d4275733e4579a60b7e985f864df49230f
- Size
  
  4.2MB
- MD5
  
  649193ad2480b42356f8a3510b97f380
- SHA1
  
  ce91fb0c24a8bb7bb6e2c6cd17cf797a8ddd8886
- SHA256
  
  713030a09e78962d6f12c3924adef8d4275733e4579a60b7e985f864df49230f
- SHA512
  
  652e89159b685418c402937264b607f27fc509a36924813bc8f3dd426e281dd3c804092938b81039d3ab7228d21d543e4b34a7739be013e1f721d75e8bf91860
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Impair Defenses

Install Root Certificate

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

behavioral2

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy