glupteba | 8f4ffa6961c8336e4a7a21680fea94c926c971325f3507dffa0ccbe925a91564 | Triage

Sharing

General

Target

8f4ffa6961c8336e4a7a21680fea94c926c971325f3507dffa0ccbe925a91564
Size

4.2MB
Sample

221202-x9afnabc8v
MD5

cc54e6eb7da11c9766a01c831c0a4825
SHA1

4c8cf6500896101634dc70f893db12fb4221f8f2
SHA256

8f4ffa6961c8336e4a7a21680fea94c926c971325f3507dffa0ccbe925a91564
SHA512

82174249aa780cee2adb93588e16fe4712733d0e7abe2a4c22b8825b48dff192ec0e1b18fa26acf90bf1f283b9cb217dd0a2bf7a938c58928f9fbba7893c72c0
SSDEEP

98304:6J4zV4mjEEy+ovTPR07FCt7W7d60qfBFUIUKhQecl:vV4mfy+ovF6CLpSBKhZi

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Malware Config

Targets

- Target
  
  8f4ffa6961c8336e4a7a21680fea94c926c971325f3507dffa0ccbe925a91564
- Size
  
  4.2MB
- MD5
  
  cc54e6eb7da11c9766a01c831c0a4825
- SHA1
  
  4c8cf6500896101634dc70f893db12fb4221f8f2
- SHA256
  
  8f4ffa6961c8336e4a7a21680fea94c926c971325f3507dffa0ccbe925a91564
- SHA512
  
  82174249aa780cee2adb93588e16fe4712733d0e7abe2a4c22b8825b48dff192ec0e1b18fa26acf90bf1f283b9cb217dd0a2bf7a938c58928f9fbba7893c72c0
- SSDEEP
  
  98304:6J4zV4mjEEy+ovTPR07FCt7W7d60qfBFUIUKhQecl:vV4mfy+ovF6CLpSBKhZi
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan