glupteba | 52d0c0243386eb7c8c507153ec9788bb53264b6ee30bc16962f3c3fcc4b0cff3 | Triage

Submit
Reports

Overview

overview

Static

static

52d0c02433...f3.exe

windows7-x64

52d0c02433...f3.exe

windows10-2004-x64

Sharing

General

Target

52d0c0243386eb7c8c507153ec9788bb53264b6ee30bc16962f3c3fcc4b0cff3
Size

4.3MB
Sample

220717-b8t8sabah7
MD5

1b2ad09fbe6a284aa2114f598b77aefd
SHA1

30016ba58872d05983b45d4f81d81a1b60af7ac7
SHA256

52d0c0243386eb7c8c507153ec9788bb53264b6ee30bc16962f3c3fcc4b0cff3
SHA512

bc747ae211af38b1d2921d6c2fc5aa49174abf25896be19a12f58ada48a607198548487073eb98683fe1b125080774527411e217f32d020bf59c8607f19383c0

Score

10^/10

glupteba metasploit backdoor discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

52d0c0243386eb7c8c507153ec9788bb53264b6ee30bc16962f3c3fcc4b0cff3.exe

Resource

win7-20220414-en

glupteba metasploit backdoor discovery dropper evasion loader persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

52d0c0243386eb7c8c507153ec9788bb53264b6ee30bc16962f3c3fcc4b0cff3.exe

Resource

win10v2004-20220414-en

glupteba metasploit backdoor discovery dropper evasion loader persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

- Target
  
  52d0c0243386eb7c8c507153ec9788bb53264b6ee30bc16962f3c3fcc4b0cff3
- Size
  
  4.3MB
- MD5
  
  1b2ad09fbe6a284aa2114f598b77aefd
- SHA1
  
  30016ba58872d05983b45d4f81d81a1b60af7ac7
- SHA256
  
  52d0c0243386eb7c8c507153ec9788bb53264b6ee30bc16962f3c3fcc4b0cff3
- SHA512
  
  bc747ae211af38b1d2921d6c2fc5aa49174abf25896be19a12f58ada48a607198548487073eb98683fe1b125080774527411e217f32d020bf59c8607f19383c0
Score

10^/10

glupteba metasploit backdoor discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebametasploitbackdoordiscoverydropperevasionloaderpersistencetrojan

behavioral2

gluptebametasploitbackdoordiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy