glupteba | ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a | Triage

Submit
Reports

Overview

overview

Static

static

ffb853f6cd...3a.exe

windows7-x64

ffb853f6cd...3a.exe

windows10-2004-x64

Sharing

General

Target

ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a
Size

6.5MB
Sample

220724-vndvvabhd3
MD5

eec77cef2cdf57a824fac4670d69b2e6
SHA1

f1834146df5511a7fad5745705d32b1b03d31ff8
SHA256

ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a
SHA512

ff774d9d0d93fb866bf298e7119a725bbeacf3b31d2c1f7a53f620e51489e5a376fb8b23530534f0a9de7829a9205dc22093237ab478f94008cf2b7167b29e70

Score

10^/10

glupteba dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a.exe

Resource

win7-20220718-en

glupteba dropper evasion loader persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a.exe

Resource

win10v2004-20220721-en

glupteba dropper evasion loader persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a
- Size
  
  6.5MB
- MD5
  
  eec77cef2cdf57a824fac4670d69b2e6
- SHA1
  
  f1834146df5511a7fad5745705d32b1b03d31ff8
- SHA256
  
  ffb853f6cdcadc9233213c0b79bb7a5e8bc65801b5afbc8a74370cebd2ac7e3a
- SHA512
  
  ff774d9d0d93fb866bf298e7119a725bbeacf3b31d2c1f7a53f620e51489e5a376fb8b23530534f0a9de7829a9205dc22093237ab478f94008cf2b7167b29e70
Score

10^/10

glupteba dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistencetrojan

behavioral2

gluptebadropperevasionloaderpersistence

© 2018-2024

Terms | Privacy