glupteba | 3d68d566527fad6bb31d3ff200cddc42be1b9cf3edb6df01f6b4fa5799364175 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d68d566527fad6bb31d3ff200cddc42be1b9cf3edb6df01f6b4fa5799364175
Size

4.0MB
Sample

230215-mne4xabb5z
MD5

f851fdd82339194a65ac84d80b2b73d5
SHA1

4d1f14823b2d1bb440fb27f774e36fc646d9e98f
SHA256

3d68d566527fad6bb31d3ff200cddc42be1b9cf3edb6df01f6b4fa5799364175
SHA512

9ee151a3fe7785b1716c7f7c751b8366900425e8182871fe83a6c37a2b106421df96a6484510bd7c28b505b039bf404cf82a841639f223622bb339f492c6c6d4
SSDEEP

98304:0u+fdhcVXPIZzIKMk+ca30kqhMGSDO9/JUc3T4v68WRjdd5KPgZ6Rrzes:0u6cdPM+cG1tG/B2qT4vLujddsv2s

Score

10^/10

glupteba discovery dropper evasion loader persistence

Malware Config

Targets

- Target
  
  3d68d566527fad6bb31d3ff200cddc42be1b9cf3edb6df01f6b4fa5799364175
- Size
  
  4.0MB
- MD5
  
  f851fdd82339194a65ac84d80b2b73d5
- SHA1
  
  4d1f14823b2d1bb440fb27f774e36fc646d9e98f
- SHA256
  
  3d68d566527fad6bb31d3ff200cddc42be1b9cf3edb6df01f6b4fa5799364175
- SHA512
  
  9ee151a3fe7785b1716c7f7c751b8366900425e8182871fe83a6c37a2b106421df96a6484510bd7c28b505b039bf404cf82a841639f223622bb339f492c6c6d4
- SSDEEP
  
  98304:0u+fdhcVXPIZzIKMk+ca30kqhMGSDO9/JUc3T4v68WRjdd5KPgZ6Rrzes:0u6cdPM+cG1tG/B2qT4vLujddsv2s
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence