glupteba | bbdb536c732220ecdef39b497a41d62ff07bfd57842d1f2f61e642a087e5e515 | Triage

Sharing

General

Target

bbdb536c732220ecdef39b497a41d62ff07bfd57842d1f2f61e642a087e5e515
Size

4.1MB
Sample

230128-jv3l1afh2w
MD5

d900801776499f1fa1de4b6a151da5a7
SHA1

c3539c0425ea64e2694486c3e4726e078ce473bb
SHA256

bbdb536c732220ecdef39b497a41d62ff07bfd57842d1f2f61e642a087e5e515
SHA512

41387fb01f1d1d09ad2dd8a69844eae153abf7c153c945108002782debc2115077bdb18a1d0f3410253308bd2961f889e084166bf5ba1eab813c71fb3a4302f4
SSDEEP

98304:2Dpb+9m8RDbKHP++ZVpbcRkaPx50KXTXa/b3:Sp83S/bcRJIKXTKj

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  bbdb536c732220ecdef39b497a41d62ff07bfd57842d1f2f61e642a087e5e515
- Size
  
  4.1MB
- MD5
  
  d900801776499f1fa1de4b6a151da5a7
- SHA1
  
  c3539c0425ea64e2694486c3e4726e078ce473bb
- SHA256
  
  bbdb536c732220ecdef39b497a41d62ff07bfd57842d1f2f61e642a087e5e515
- SHA512
  
  41387fb01f1d1d09ad2dd8a69844eae153abf7c153c945108002782debc2115077bdb18a1d0f3410253308bd2961f889e084166bf5ba1eab813c71fb3a4302f4
- SSDEEP
  
  98304:2Dpb+9m8RDbKHP++ZVpbcRkaPx50KXTXa/b3:Sp83S/bcRJIKXTKj
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence