glupteba | 7bb8a3227ddfad78175f2233313f35d42862d9f8fdcfe9bb551a0cea9195aa9d | Triage

Sharing

General

Target

7bb8a3227ddfad78175f2233313f35d42862d9f8fdcfe9bb551a0cea9195aa9d
Size

4.0MB
Sample

221126-sfv32sce46
MD5

f0855323ee2c63ce7205660299e36a89
SHA1

28fae1164dfe59873d942f18d132258f8f60148e
SHA256

7bb8a3227ddfad78175f2233313f35d42862d9f8fdcfe9bb551a0cea9195aa9d
SHA512

de203e97330c18d297b26660c80f11fb1889f0d97b0d7c39e4268dbe14a7ddfa8f0107de9b66eb3179c0a3fb29e8c6e7f3080522fee2298c097edebe54448dac
SSDEEP

98304:EkJf20977Z3/AMWo3xVAPAAYVKOoSHdIGr1Clo7sbSXFY:EkJu09R4MWoBVjAYVKOTdwAsb4S

Score

10^/10

glupteba dropper evasion loader persistence

Malware Config

Targets

- Target
  
  7bb8a3227ddfad78175f2233313f35d42862d9f8fdcfe9bb551a0cea9195aa9d
- Size
  
  4.0MB
- MD5
  
  f0855323ee2c63ce7205660299e36a89
- SHA1
  
  28fae1164dfe59873d942f18d132258f8f60148e
- SHA256
  
  7bb8a3227ddfad78175f2233313f35d42862d9f8fdcfe9bb551a0cea9195aa9d
- SHA512
  
  de203e97330c18d297b26660c80f11fb1889f0d97b0d7c39e4268dbe14a7ddfa8f0107de9b66eb3179c0a3fb29e8c6e7f3080522fee2298c097edebe54448dac
- SSDEEP
  
  98304:EkJf20977Z3/AMWo3xVAPAAYVKOoSHdIGr1Clo7sbSXFY:EkJu09R4MWoBVjAYVKOTdwAsb4S
Score

10^/10

glupteba dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistence