glupteba | 82f34e859b458036d7f847a70b616c244aed28dc6e51c99e6c6ce144857e56c8 | Triage

Submit
Reports

Overview

overview

Static

static

82f34e859b...c8.exe

windows7-x64

82f34e859b...c8.exe

windows10-2004-x64

Sharing

General

Target

82f34e859b458036d7f847a70b616c244aed28dc6e51c99e6c6ce144857e56c8
Size

3.8MB
Sample

221125-k6gdksah41
MD5

52242b0f18fda799a91931a570e9ef81
SHA1

6cf0427991c4bbf47aee799e6e1b84fcfad3292f
SHA256

82f34e859b458036d7f847a70b616c244aed28dc6e51c99e6c6ce144857e56c8
SHA512

215a5ddd6c2465ec1b4bf44d7c928d12ff9eca5d5c262376fa38a3a268fe2478e8e484e25593f18fe143e414f750385b2e6ce5823fdb26886c8d1b452015a4f0
SSDEEP

98304:Mrq57kIMGwK/DfC/XQuFEQ4xmGR/DOFEBlyHMtw8Uj+31Lc:M4VZJbo9Axmi/D8EBlystO+

Score

10^/10

glupteba metasploit backdoor discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

82f34e859b458036d7f847a70b616c244aed28dc6e51c99e6c6ce144857e56c8.exe

Resource

win7-20221111-en

glupteba metasploit backdoor dropper evasion loader trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

82f34e859b458036d7f847a70b616c244aed28dc6e51c99e6c6ce144857e56c8.exe

Resource

win10v2004-20220901-en

glupteba metasploit backdoor discovery dropper evasion loader persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

- Target
  
  82f34e859b458036d7f847a70b616c244aed28dc6e51c99e6c6ce144857e56c8
- Size
  
  3.8MB
- MD5
  
  52242b0f18fda799a91931a570e9ef81
- SHA1
  
  6cf0427991c4bbf47aee799e6e1b84fcfad3292f
- SHA256
  
  82f34e859b458036d7f847a70b616c244aed28dc6e51c99e6c6ce144857e56c8
- SHA512
  
  215a5ddd6c2465ec1b4bf44d7c928d12ff9eca5d5c262376fa38a3a268fe2478e8e484e25593f18fe143e414f750385b2e6ce5823fdb26886c8d1b452015a4f0
- SSDEEP
  
  98304:Mrq57kIMGwK/DfC/XQuFEQ4xmGR/DOFEBlyHMtw8Uj+31Lc:M4VZJbo9Axmi/D8EBlystO+
Score

10^/10

glupteba metasploit backdoor dropper evasion loader trojan discovery persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Modifies boot configuration data using bcdedit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebametasploitbackdoordropperevasionloadertrojan

behavioral2

gluptebametasploitbackdoordiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy