glupteba | 5fb2f862e4f1fd327c0a493082de9b66fb7a91d4dccef8273b7f75926d888826 | Triage

Submit
Reports

Overview

overview

Static

static

a2cbea585e...ab.exe

windows7-x64

a2cbea585e...ab.exe

windows10-2004-x64

Sharing

General

Target

7865906198.zip
Size

3.7MB
Sample

220818-hk93nadge7
MD5

35d33319ae3ed3b9a190adc0b37dab5f
SHA1

c840864223f68b7a8f14b9c7a9a34a5d22ea7d8e
SHA256

5fb2f862e4f1fd327c0a493082de9b66fb7a91d4dccef8273b7f75926d888826
SHA512

6ca751d5b107e1ed4c07406c1a075bc7f9641a9c28a073827698b52d88dc4daa61166a8c71a5805588e130b5549b8293890d505f98b3af4dfd479272030e5f49
SSDEEP

98304:eeAV0W8TyF7QS4a2pXzNAsNco89r0Dd7l/n5+l:eeAOTG8a2p5AsOjrWdf+l

Score

10^/10

glupteba dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab.exe

Resource

win7-20220812-en

glupteba dropper evasion loader persistence trojan

windows7-x64

15 signatures

300 seconds

Behavioral task

behavioral2

Sample

a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab.exe

Resource

win10v2004-20220812-en

glupteba dropper evasion loader persistence

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab
- Size
  
  4.0MB
- MD5
  
  f1953eaf2c48b94bb9772bfe38d552e3
- SHA1
  
  631171103c9bcfb7219353d95d37e313d7365682
- SHA256
  
  a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab
- SHA512
  
  29d145c5bd8bb906aa754c20e46541971bb1deae7d987a47899b58b3c01db8f6e5ca4119f713ceeffa7156a5fb01255f46375e806afd41364c66b2ccb5863fd5
- SSDEEP
  
  98304:8R1MyoGwSUz6jx/0veUrId0IlpmWMzAG4u5MYkVmE:8RbJuveGId3QzAG4u5ZG
Score

10^/10

glupteba dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistencetrojan

behavioral2

gluptebadropperevasionloaderpersistence

© 2018-2024

Terms | Privacy