glupteba | ad166d6ef2481d13123759c4108a340783e625c8f1f46b69e31e3bb1687211f7 | Triage

Sharing

General

Target

ad166d6ef2481d13123759c4108a340783e625c8f1f46b69e31e3bb1687211f7
Size

4.0MB
Sample

230214-f8bhwsbb37
MD5

e43e3e6e23c766cdb4832717c9416fe8
SHA1

2200cee442b5ecbd77ebf41a62dfdd3bf721feb0
SHA256

ad166d6ef2481d13123759c4108a340783e625c8f1f46b69e31e3bb1687211f7
SHA512

2c68de612ff98697de369d5a0f13e196354d5af786efa29e56e6579d9f39b1c6e96bd0629bee386e8b50cd27d8bfee61875d31fe14a6da8b1539f8d0566c68d6
SSDEEP

98304:L9YCg++YKOdZDddolxv8qlw2pKpnPHjR+G:5g+Z1dBDI9PyaoAG

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  ad166d6ef2481d13123759c4108a340783e625c8f1f46b69e31e3bb1687211f7
- Size
  
  4.0MB
- MD5
  
  e43e3e6e23c766cdb4832717c9416fe8
- SHA1
  
  2200cee442b5ecbd77ebf41a62dfdd3bf721feb0
- SHA256
  
  ad166d6ef2481d13123759c4108a340783e625c8f1f46b69e31e3bb1687211f7
- SHA512
  
  2c68de612ff98697de369d5a0f13e196354d5af786efa29e56e6579d9f39b1c6e96bd0629bee386e8b50cd27d8bfee61875d31fe14a6da8b1539f8d0566c68d6
- SSDEEP
  
  98304:L9YCg++YKOdZDddolxv8qlw2pKpnPHjR+G:5g+Z1dBDI9PyaoAG
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence