glupteba | d96f50ead46953d12a4d72867e3c6f2736b5c57233a0637af0a9da38b2e970be | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d96f50ead46953d12a4d72867e3c6f2736b5c57233a0637af0a9da38b2e970be
Size

4.2MB
Sample

221204-h84wjsce2s
MD5

b0b5fb8a5d28bdc704f7977ffd4ad550
SHA1

5a5d065303a97f98643af9451e2002638d810fd2
SHA256

d96f50ead46953d12a4d72867e3c6f2736b5c57233a0637af0a9da38b2e970be
SHA512

eac67d29d11dbe821fa4d8eca99b43c30215b94c75f142bc4aa5f2836841a45f8a1d6693ecb0accb84036ead467a491c3a5ddbd0f1255e156648f810f751a8ee
SSDEEP

98304:zPsRlBc1elW9PZRg8x4M0xYFaDnR2+g5Q0gNHASh1d9ul4hpE:u6EWrRXxR9FaDnIP0nu2c

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Malware Config

Targets

- Target
  
  d96f50ead46953d12a4d72867e3c6f2736b5c57233a0637af0a9da38b2e970be
- Size
  
  4.2MB
- MD5
  
  b0b5fb8a5d28bdc704f7977ffd4ad550
- SHA1
  
  5a5d065303a97f98643af9451e2002638d810fd2
- SHA256
  
  d96f50ead46953d12a4d72867e3c6f2736b5c57233a0637af0a9da38b2e970be
- SHA512
  
  eac67d29d11dbe821fa4d8eca99b43c30215b94c75f142bc4aa5f2836841a45f8a1d6693ecb0accb84036ead467a491c3a5ddbd0f1255e156648f810f751a8ee
- SSDEEP
  
  98304:zPsRlBc1elW9PZRg8x4M0xYFaDnR2+g5Q0gNHASh1d9ul4hpE:u6EWrRXxR9FaDnIP0nu2c
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan