glupteba | dd4053232afbb1246e76849c6bae2316ab2a9a7e678e61486f165301ff53ec08 | Triage

Submit
Reports

Overview

overview

Static

static

dd4053232a...08.exe

windows7-x64

dd4053232a...08.exe

windows10-2004-x64

Sharing

General

Target

dd4053232afbb1246e76849c6bae2316ab2a9a7e678e61486f165301ff53ec08
Size

5.0MB
Sample

230129-wamq9sfg88
MD5

ca4b4c1d1446f489b86d26437a0eb7ee
SHA1

7fb5c07d3f6658e12a35da6d98c57e9d8427d47d
SHA256

dd4053232afbb1246e76849c6bae2316ab2a9a7e678e61486f165301ff53ec08
SHA512

7847515ad733efdf9fa60139563980f6c6ed79dc944d5624857a64d9a073a7341a5dbc5e4f423bdfc7e5cd88cce25fbb39ab2d6c171c14845e9fee6b18d5f176
SSDEEP

98304:RlLfucpPn8x3xZNcU2UgWZEbS6h/klBbp3FZW3tLIfxtGheHLNROgBTd:Rl/Bwfc7uF3btRUq

Score

10^/10

glupteba dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

dd4053232afbb1246e76849c6bae2316ab2a9a7e678e61486f165301ff53ec08.exe

Resource

win7-20220812-en

glupteba dropper evasion loader persistence trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

dd4053232afbb1246e76849c6bae2316ab2a9a7e678e61486f165301ff53ec08.exe

Resource

win10v2004-20221111-en

glupteba dropper evasion loader

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  dd4053232afbb1246e76849c6bae2316ab2a9a7e678e61486f165301ff53ec08
- Size
  
  5.0MB
- MD5
  
  ca4b4c1d1446f489b86d26437a0eb7ee
- SHA1
  
  7fb5c07d3f6658e12a35da6d98c57e9d8427d47d
- SHA256
  
  dd4053232afbb1246e76849c6bae2316ab2a9a7e678e61486f165301ff53ec08
- SHA512
  
  7847515ad733efdf9fa60139563980f6c6ed79dc944d5624857a64d9a073a7341a5dbc5e4f423bdfc7e5cd88cce25fbb39ab2d6c171c14845e9fee6b18d5f176
- SSDEEP
  
  98304:RlLfucpPn8x3xZNcU2UgWZEbS6h/klBbp3FZW3tLIfxtGheHLNROgBTd:Rl/Bwfc7uF3btRUq
Score

10^/10

glupteba dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistencetrojan

behavioral2

gluptebadropperevasionloader

© 2018-2024

Terms | Privacy