glupteba | 905c5a791f391883dadd941eb76a2a5641cf23cca233f228e900148e8ce25486 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

905c5a791f391883dadd941eb76a2a5641cf23cca233f228e900148e8ce25486
Size

4.0MB
Sample

221201-zcd4pace8y
MD5

7730d8427face2f65d2ec3f916e1b187
SHA1

3faea258eccfabc97df344fda20ff25f5b971540
SHA256

905c5a791f391883dadd941eb76a2a5641cf23cca233f228e900148e8ce25486
SHA512

41e7292ba20e9c5d4b5430b394eab0aec13defeb29dcf0eb724be11e93b31af036e1f8abc577bd279677ceb2b90746dd7e32bc2a0debf476eee53bbb886252c9
SSDEEP

98304:G9y1Oo+LS1cQareQahAxv5z4rF1Eh/srQaXTurGRx7b:G9rLSCQareQahAxNBfrGRtb

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  905c5a791f391883dadd941eb76a2a5641cf23cca233f228e900148e8ce25486
- Size
  
  4.0MB
- MD5
  
  7730d8427face2f65d2ec3f916e1b187
- SHA1
  
  3faea258eccfabc97df344fda20ff25f5b971540
- SHA256
  
  905c5a791f391883dadd941eb76a2a5641cf23cca233f228e900148e8ce25486
- SHA512
  
  41e7292ba20e9c5d4b5430b394eab0aec13defeb29dcf0eb724be11e93b31af036e1f8abc577bd279677ceb2b90746dd7e32bc2a0debf476eee53bbb886252c9
- SSDEEP
  
  98304:G9y1Oo+LS1cQareQahAxv5z4rF1Eh/srQaXTurGRx7b:G9rLSCQareQahAxNBfrGRtb
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence