glupteba | 2352db3324179873f94001e86556f0428bdff7b384342f2af7ac94d34f305065 | Triage

Sharing

General

Target

2352db3324179873f94001e86556f0428bdff7b384342f2af7ac94d34f305065
Size

4.1MB
Sample

230205-lw4lssha95
MD5

c64af95c56cc3430c9b1aae679786e43
SHA1

a34ef808918b5e80d0b1bea0974edef98ce7c40d
SHA256

2352db3324179873f94001e86556f0428bdff7b384342f2af7ac94d34f305065
SHA512

2819cb61ae7ed16437fb5eb0a0366d278661184236f4402721f02da89acad27b7da78744572ebd63c20d2eb685c288b19a07018c3e3ad7dc01734d701466fb82
SSDEEP

98304:wKkFVqJRUD4yKVxLziwc8rm7PLVR0gw3MaW3jkHpIr5+O+Ra:wKdXUD4F1mw5rMADFW3jkjlk

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Malware Config

Targets

- Target
  
  2352db3324179873f94001e86556f0428bdff7b384342f2af7ac94d34f305065
- Size
  
  4.1MB
- MD5
  
  c64af95c56cc3430c9b1aae679786e43
- SHA1
  
  a34ef808918b5e80d0b1bea0974edef98ce7c40d
- SHA256
  
  2352db3324179873f94001e86556f0428bdff7b384342f2af7ac94d34f305065
- SHA512
  
  2819cb61ae7ed16437fb5eb0a0366d278661184236f4402721f02da89acad27b7da78744572ebd63c20d2eb685c288b19a07018c3e3ad7dc01734d701466fb82
- SSDEEP
  
  98304:wKkFVqJRUD4yKVxLziwc8rm7PLVR0gw3MaW3jkHpIr5+O+Ra:wKdXUD4F1mw5rMADFW3jkjlk
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan