glupteba | e003f5133933305a0ab7adc2c57d95c10b085171dc0cc5487e9393b755ef5b82 | Triage

Sharing

General

Target

e003f5133933305a0ab7adc2c57d95c10b085171dc0cc5487e9393b755ef5b82
Size

4.2MB
Sample

221206-qttq2afb81
MD5

484db134818ee3052d2cfd4da53f6151
SHA1

d22a4ed1c686c7729ed5b2c702ab8546b2842ff4
SHA256

e003f5133933305a0ab7adc2c57d95c10b085171dc0cc5487e9393b755ef5b82
SHA512

b3d8a70828bbbc2f422d1cf18c5352fdb22404a74d9a0d72057dc054be104174225c55c3f8fa8b7dcb3a5f0e6c57a52570fecd94907d16119e6b906fbd70e7f6
SSDEEP

98304:MivlaRKQfEZ8rGCcIK68KD3JvwXv1//2/QatU9WbPKCN4RCXb:llcq8rG9IB8KDZ4fJ/5X9WbiCyCr

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  e003f5133933305a0ab7adc2c57d95c10b085171dc0cc5487e9393b755ef5b82
- Size
  
  4.2MB
- MD5
  
  484db134818ee3052d2cfd4da53f6151
- SHA1
  
  d22a4ed1c686c7729ed5b2c702ab8546b2842ff4
- SHA256
  
  e003f5133933305a0ab7adc2c57d95c10b085171dc0cc5487e9393b755ef5b82
- SHA512
  
  b3d8a70828bbbc2f422d1cf18c5352fdb22404a74d9a0d72057dc054be104174225c55c3f8fa8b7dcb3a5f0e6c57a52570fecd94907d16119e6b906fbd70e7f6
- SSDEEP
  
  98304:MivlaRKQfEZ8rGCcIK68KD3JvwXv1//2/QatU9WbPKCN4RCXb:llcq8rG9IB8KDZ4fJ/5X9WbiCyCr
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence