glupteba | 91c1d3931b046c28797920ac9553d43eb08bfb4006b0f54f777c8c7336efe870 | Triage

Sharing

General

Target

91c1d3931b046c28797920ac9553d43eb08bfb4006b0f54f777c8c7336efe870
Size

4.0MB
Sample

230203-gepzvseg51
MD5

92f0e1640c6d6f399a9bbf7f0f1046f3
SHA1

fa8f2148a0a28edfcddb95e06b574b268d6397e0
SHA256

91c1d3931b046c28797920ac9553d43eb08bfb4006b0f54f777c8c7336efe870
SHA512

4f449a3289b0e3002d87030e49f37693dec94422720675a864931224a2dd395a37065ce854cd6a94d1cdc5a748a58cff51c620a693d9c179d13d9a4413e6f892
SSDEEP

98304:+plqtTpK+E2MOdVG+5zEXnm2MiOU9HCd+0crSLm9UBsZpFVgK2O:+plqtcVCVG+NEXnm2M89HCuSUUG3H

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Malware Config

Targets

- Target
  
  91c1d3931b046c28797920ac9553d43eb08bfb4006b0f54f777c8c7336efe870
- Size
  
  4.0MB
- MD5
  
  92f0e1640c6d6f399a9bbf7f0f1046f3
- SHA1
  
  fa8f2148a0a28edfcddb95e06b574b268d6397e0
- SHA256
  
  91c1d3931b046c28797920ac9553d43eb08bfb4006b0f54f777c8c7336efe870
- SHA512
  
  4f449a3289b0e3002d87030e49f37693dec94422720675a864931224a2dd395a37065ce854cd6a94d1cdc5a748a58cff51c620a693d9c179d13d9a4413e6f892
- SSDEEP
  
  98304:+plqtTpK+E2MOdVG+5zEXnm2MiOU9HCd+0crSLm9UBsZpFVgK2O:+plqtcVCVG+NEXnm2M89HCuSUUG3H
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan