glupteba | d138d2e8b8db734a3454f3288604adea74946bab5350187e5bdd0b73e38a0956 | Triage

Submit
Reports

Overview

overview

Static

static

d138d2e8b8...56.exe

windows7-x64

d138d2e8b8...56.exe

windows10-2004-x64

Sharing

General

Target

d138d2e8b8db734a3454f3288604adea74946bab5350187e5bdd0b73e38a0956
Size

3.7MB
Sample

220731-lvksasbfbp
MD5

ad2b83150300987958b84e85618c4b9f
SHA1

960b6c9b85a010bd51aacbdb2c4750d8d47cba7b
SHA256

d138d2e8b8db734a3454f3288604adea74946bab5350187e5bdd0b73e38a0956
SHA512

9b83e40628f076ffc38ea4ecfc026e51be2f482cd7ebe6373bb389cf5dae218a8f788abc03f44c4e1c23500aa53ced9f733c68cddba1bc9abef408c692d0c8f1

Score

10^/10

glupteba dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

d138d2e8b8db734a3454f3288604adea74946bab5350187e5bdd0b73e38a0956.exe

Resource

win7-20220718-en

glupteba dropper evasion loader persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

d138d2e8b8db734a3454f3288604adea74946bab5350187e5bdd0b73e38a0956.exe

Resource

win10v2004-20220721-en

glupteba dropper evasion loader persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  d138d2e8b8db734a3454f3288604adea74946bab5350187e5bdd0b73e38a0956
- Size
  
  3.7MB
- MD5
  
  ad2b83150300987958b84e85618c4b9f
- SHA1
  
  960b6c9b85a010bd51aacbdb2c4750d8d47cba7b
- SHA256
  
  d138d2e8b8db734a3454f3288604adea74946bab5350187e5bdd0b73e38a0956
- SHA512
  
  9b83e40628f076ffc38ea4ecfc026e51be2f482cd7ebe6373bb389cf5dae218a8f788abc03f44c4e1c23500aa53ced9f733c68cddba1bc9abef408c692d0c8f1
Score

10^/10

glupteba dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistencetrojan

behavioral2

gluptebadropperevasionloaderpersistence

© 2018-2024

Terms | Privacy