glupteba | e913621e3f4da8f0f70a0b6cac3a225ed069e04532e8a188760f85edee6a394e | Triage

Sharing

General

Target

e913621e3f4da8f0f70a0b6cac3a225ed069e04532e8a188760f85edee6a394e
Size

4.1MB
Sample

230129-pem49sga7s
MD5

8e3bd9e92071c33770f9a8bb09bfcd60
SHA1

6897337eb3ee0400c02b28c78f8aa85dfa7d1beb
SHA256

e913621e3f4da8f0f70a0b6cac3a225ed069e04532e8a188760f85edee6a394e
SHA512

1ef80307f8523e97f649d586202e61a7bd44fa020f0fe8e6b9c88b38fa57b521141cebec0b0d26d7ceefbe39a878641480c2888aeec498f5478e286687e6a727
SSDEEP

98304:VWjdy9uKZ9gA3vf19VjbXBYIa6xL5LSA6HnfQ7rxxiNvmRgS5:wjdy9uI19VH9lLDunY7FmOF

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Malware Config

Targets

- Target
  
  e913621e3f4da8f0f70a0b6cac3a225ed069e04532e8a188760f85edee6a394e
- Size
  
  4.1MB
- MD5
  
  8e3bd9e92071c33770f9a8bb09bfcd60
- SHA1
  
  6897337eb3ee0400c02b28c78f8aa85dfa7d1beb
- SHA256
  
  e913621e3f4da8f0f70a0b6cac3a225ed069e04532e8a188760f85edee6a394e
- SHA512
  
  1ef80307f8523e97f649d586202e61a7bd44fa020f0fe8e6b9c88b38fa57b521141cebec0b0d26d7ceefbe39a878641480c2888aeec498f5478e286687e6a727
- SSDEEP
  
  98304:VWjdy9uKZ9gA3vf19VjbXBYIa6xL5LSA6HnfQ7rxxiNvmRgS5:wjdy9uI19VH9lLDunY7FmOF
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan