glupteba | 746d77664f9b433b7930b1ec9ea191cad40f6020940899cee614faf5a749ac3c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

746d77664f9b433b7930b1ec9ea191cad40f6020940899cee614faf5a749ac3c
Size

4.2MB
Sample

221203-pj1k6add5w
MD5

3bc8a54d35c7deda85f7d298b65f52f2
SHA1

1803199de71f6829aff2147e75651bf7e98ee42f
SHA256

746d77664f9b433b7930b1ec9ea191cad40f6020940899cee614faf5a749ac3c
SHA512

db9b068d8c9cc317e03e59a51274a60624f70d8a11652ca0a370c3a2b448cac9e259b766af1eef67c26dd0f1eaf66f44de08acb2abf6da1753c8d8ec69152d9a
SSDEEP

98304:gOAEAD7buvr+VFtgghiT8Qpf9ryzx6ZuT3VP7Yi7AEWXldC:g1EADXkr+VFtliT8Qp1+zx6ZuZP7YiL3

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Malware Config

Targets

- Target
  
  746d77664f9b433b7930b1ec9ea191cad40f6020940899cee614faf5a749ac3c
- Size
  
  4.2MB
- MD5
  
  3bc8a54d35c7deda85f7d298b65f52f2
- SHA1
  
  1803199de71f6829aff2147e75651bf7e98ee42f
- SHA256
  
  746d77664f9b433b7930b1ec9ea191cad40f6020940899cee614faf5a749ac3c
- SHA512
  
  db9b068d8c9cc317e03e59a51274a60624f70d8a11652ca0a370c3a2b448cac9e259b766af1eef67c26dd0f1eaf66f44de08acb2abf6da1753c8d8ec69152d9a
- SSDEEP
  
  98304:gOAEAD7buvr+VFtgghiT8Qpf9ryzx6ZuT3VP7Yi7AEWXldC:g1EADXkr+VFtliT8Qp1+zx6ZuZP7YiL3
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan