glupteba | bac656d231228951da95598955b26e5e96204226ca6d5861456a53b3e6c8d5a2 | Triage

Sharing

General

Target

bac656d231228951da95598955b26e5e96204226ca6d5861456a53b3e6c8d5a2
Size

4.0MB
Sample

221129-t76vasad8v
MD5

c3679f83359ed6cd25cbd4571fa5f936
SHA1

80dbc038b067e08fd4df1029883a2689f14c3b91
SHA256

bac656d231228951da95598955b26e5e96204226ca6d5861456a53b3e6c8d5a2
SHA512

4b2faf20cb8fcf6d1d26d50168230dbe3b9258c5f62e292c5260f38ee1e395dedac6952710015415bd9979b7bb8beb8094e6439ac2d46291b3de8c7c94dcc471
SSDEEP

98304:NCOb6eX8O55MtK/D8z1KHchr3tRqHoJ2SpiZ+Hp3a/:8kX5v/LchjtRqH4piZMa/

Score

10^/10

glupteba dropper evasion loader persistence

Malware Config

Targets

- Target
  
  bac656d231228951da95598955b26e5e96204226ca6d5861456a53b3e6c8d5a2
- Size
  
  4.0MB
- MD5
  
  c3679f83359ed6cd25cbd4571fa5f936
- SHA1
  
  80dbc038b067e08fd4df1029883a2689f14c3b91
- SHA256
  
  bac656d231228951da95598955b26e5e96204226ca6d5861456a53b3e6c8d5a2
- SHA512
  
  4b2faf20cb8fcf6d1d26d50168230dbe3b9258c5f62e292c5260f38ee1e395dedac6952710015415bd9979b7bb8beb8094e6439ac2d46291b3de8c7c94dcc471
- SSDEEP
  
  98304:NCOb6eX8O55MtK/D8z1KHchr3tRqHoJ2SpiZ+Hp3a/:8kX5v/LchjtRqH4piZMa/
Score

10^/10

glupteba dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistence