glupteba | fe34e43d7f49d85e423caa223069de74674e6d83172c5cb59db4a1b13147642f | Triage

Sharing

General

Target

fe34e43d7f49d85e423caa223069de74674e6d83172c5cb59db4a1b13147642f
Size

4.1MB
Sample

230201-qvmdcagf78
MD5

93e96301d487270a314ba422b2272d8b
SHA1

0d770501a237fac3ea19931a0b00545bf14a2e7d
SHA256

fe34e43d7f49d85e423caa223069de74674e6d83172c5cb59db4a1b13147642f
SHA512

53024758dcfb1109ca822e54f70fa07c9df9c15ae3973b801bc8ba7860c21cb6940d4d532abd0d20d585cdf2a54f2139387bb94f441f2b797eea11891280a821
SSDEEP

98304:H6fyeZOkSsXCJDxp7vbPmU2t0bQU77LS5iWoBjdXw1FywH41vH:H6f3ZOkSsSJbX2t0b177m5v4jG1FT2

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  fe34e43d7f49d85e423caa223069de74674e6d83172c5cb59db4a1b13147642f
- Size
  
  4.1MB
- MD5
  
  93e96301d487270a314ba422b2272d8b
- SHA1
  
  0d770501a237fac3ea19931a0b00545bf14a2e7d
- SHA256
  
  fe34e43d7f49d85e423caa223069de74674e6d83172c5cb59db4a1b13147642f
- SHA512
  
  53024758dcfb1109ca822e54f70fa07c9df9c15ae3973b801bc8ba7860c21cb6940d4d532abd0d20d585cdf2a54f2139387bb94f441f2b797eea11891280a821
- SSDEEP
  
  98304:H6fyeZOkSsXCJDxp7vbPmU2t0bQU77LS5iWoBjdXw1FywH41vH:H6f3ZOkSsSJbX2t0b177m5v4jG1FT2
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence