glupteba | 403e4a95c62534f82ad14a845e0c13d938cc6f5e596d669200798535d81e1fd9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

403e4a95c62534f82ad14a845e0c13d938cc6f5e596d669200798535d81e1fd9
Size

4.2MB
Sample

221204-jf61wadb5x
MD5

56f9be7964db8aa92c4207d47e3ffcf8
SHA1

a77d4f80b7e07eb782431d5d8d1be36f4d048401
SHA256

403e4a95c62534f82ad14a845e0c13d938cc6f5e596d669200798535d81e1fd9
SHA512

b75b034139d60fc1ef5f5e0d1b9f6606f3bc7a26bfbc8eb21ff1c7b0e353bfaacc1ea4d5fe02026d561ce998412d17f4390bdbe95768f691edc69df99130f019
SSDEEP

98304:1pNLIapwgazcs+6ZwqdPPNKZ/k5Ja300oDVmr+xcQBVLCI:R+Xcz6OqdPPy7yxcQBJCI

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  403e4a95c62534f82ad14a845e0c13d938cc6f5e596d669200798535d81e1fd9
- Size
  
  4.2MB
- MD5
  
  56f9be7964db8aa92c4207d47e3ffcf8
- SHA1
  
  a77d4f80b7e07eb782431d5d8d1be36f4d048401
- SHA256
  
  403e4a95c62534f82ad14a845e0c13d938cc6f5e596d669200798535d81e1fd9
- SHA512
  
  b75b034139d60fc1ef5f5e0d1b9f6606f3bc7a26bfbc8eb21ff1c7b0e353bfaacc1ea4d5fe02026d561ce998412d17f4390bdbe95768f691edc69df99130f019
- SSDEEP
  
  98304:1pNLIapwgazcs+6ZwqdPPNKZ/k5Ja300oDVmr+xcQBVLCI:R+Xcz6OqdPPy7yxcQBJCI
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence