glupteba | 3a22f8573e0efde27a74123f19dd8feef86c773a750b9a0e985ce10ff0ce3f84 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a22f8573e0efde27a74123f19dd8feef86c773a750b9a0e985ce10ff0ce3f84
Size

4.2MB
Sample

221206-zxfg9aga4w
MD5

6bfeca7be62bf06792916041d2d32bfd
SHA1

25a81e45ca3e8e13110eca080929bddfbb254b23
SHA256

3a22f8573e0efde27a74123f19dd8feef86c773a750b9a0e985ce10ff0ce3f84
SHA512

bce8663ed908c3b1bd3462b0ab8057635f58ed70a4cfe4323cc51a88b5ac6c68898737bde7ce84f2bf19161f92369e28e7aa91afa0268e22225941eece37f78f
SSDEEP

98304:EFgrA/c1ZpxiFXGeczbnIQMlByQuHdQtYm4btHyAYcZ:xr6c1ZMXG7zbnIQMlBidU+btHX

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  3a22f8573e0efde27a74123f19dd8feef86c773a750b9a0e985ce10ff0ce3f84
- Size
  
  4.2MB
- MD5
  
  6bfeca7be62bf06792916041d2d32bfd
- SHA1
  
  25a81e45ca3e8e13110eca080929bddfbb254b23
- SHA256
  
  3a22f8573e0efde27a74123f19dd8feef86c773a750b9a0e985ce10ff0ce3f84
- SHA512
  
  bce8663ed908c3b1bd3462b0ab8057635f58ed70a4cfe4323cc51a88b5ac6c68898737bde7ce84f2bf19161f92369e28e7aa91afa0268e22225941eece37f78f
- SSDEEP
  
  98304:EFgrA/c1ZpxiFXGeczbnIQMlByQuHdQtYm4btHyAYcZ:xr6c1ZMXG7zbnIQMlBidU+btHX
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence