glupteba | 86e18b9384f0770bd1581107c17024a6152e671c8b50978cf3b9b91220fe3ed0 | Triage

Submit
Reports

Overview

overview

Static

static

86e18b9384...d0.exe

windows7-x64

86e18b9384...d0.exe

windows10-2004-x64

Sharing

General

Target

86e18b9384f0770bd1581107c17024a6152e671c8b50978cf3b9b91220fe3ed0
Size

3.7MB
Sample

220725-cvb1qabacq
MD5

25352270e16b2f8edf0465daedb85e20
SHA1

f180c2435917cf8f8ce7f1f00df9342c8eaa19d8
SHA256

86e18b9384f0770bd1581107c17024a6152e671c8b50978cf3b9b91220fe3ed0
SHA512

3a62ca288a9665b888ce3e5a5b3e69e48f884f644acc7fc6c6f303c69e11983c70f8f789bd98c86805a9e199656c03a457132154c6f42ffdfb295918a8684091

Score

10^/10

glupteba dropper evasion loader persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

86e18b9384f0770bd1581107c17024a6152e671c8b50978cf3b9b91220fe3ed0.exe

Resource

win7-20220715-en

glupteba dropper evasion loader persistence suricata trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

86e18b9384f0770bd1581107c17024a6152e671c8b50978cf3b9b91220fe3ed0.exe

Resource

win10v2004-20220721-en

glupteba dropper evasion loader persistence suricata

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  86e18b9384f0770bd1581107c17024a6152e671c8b50978cf3b9b91220fe3ed0
- Size
  
  3.7MB
- MD5
  
  25352270e16b2f8edf0465daedb85e20
- SHA1
  
  f180c2435917cf8f8ce7f1f00df9342c8eaa19d8
- SHA256
  
  86e18b9384f0770bd1581107c17024a6152e671c8b50978cf3b9b91220fe3ed0
- SHA512
  
  3a62ca288a9665b888ce3e5a5b3e69e48f884f644acc7fc6c6f303c69e11983c70f8f789bd98c86805a9e199656c03a457132154c6f42ffdfb295918a8684091
Score

10^/10

glupteba dropper evasion loader persistence suricata trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
  suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
  suricata
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistencesuricatatrojan

behavioral2

gluptebadropperevasionloaderpersistencesuricata

© 2018-2024

Terms | Privacy