glupteba | 77224997c9074abfa8a78cc46cdedc0eee06b5bf15936e1f068442a7722d4ab6 | Triage

Sharing

General

Target

77224997c9074abfa8a78cc46cdedc0eee06b5bf15936e1f068442a7722d4ab6
Size

4.1MB
Sample

221128-r1mrqsba63
MD5

0d9f4d6c8919ad921c3ed3f9b091c8d9
SHA1

b47d3700955abf18ab736fac4bc708fbbdce36fa
SHA256

77224997c9074abfa8a78cc46cdedc0eee06b5bf15936e1f068442a7722d4ab6
SHA512

04fc8282347b3b2d2483aba423bc7e34c29127ec8bb036257a656ee1e0fab45619a9ee0eb3429239346356f881d0a62dd9b1f442a2bed1be2099c9e6c6533104
SSDEEP

98304:jWU+Bro3ekVaHR0lJNS/e8iFfVcqwa/pOJ0IKbA9vxNI9D7n:jWU+B+pLSlEWqdpOJ0IouOr

Score

10^/10

glupteba dropper evasion loader persistence trojan

Malware Config

Targets

- Target
  
  77224997c9074abfa8a78cc46cdedc0eee06b5bf15936e1f068442a7722d4ab6
- Size
  
  4.1MB
- MD5
  
  0d9f4d6c8919ad921c3ed3f9b091c8d9
- SHA1
  
  b47d3700955abf18ab736fac4bc708fbbdce36fa
- SHA256
  
  77224997c9074abfa8a78cc46cdedc0eee06b5bf15936e1f068442a7722d4ab6
- SHA512
  
  04fc8282347b3b2d2483aba423bc7e34c29127ec8bb036257a656ee1e0fab45619a9ee0eb3429239346356f881d0a62dd9b1f442a2bed1be2099c9e6c6533104
- SSDEEP
  
  98304:jWU+Bro3ekVaHR0lJNS/e8iFfVcqwa/pOJ0IKbA9vxNI9D7n:jWU+B+pLSlEWqdpOJ0IouOr
Score

10^/10

glupteba dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistencetrojan