glupteba | 9f4f0243d3916b77517e39762dda20b81f9f473b6398c36435bfabb02c7cfed6 | Triage

Submit
Reports

Overview

overview

Static

static

1

9f4f0243d3...d6.exe

windows10-2004-x64

Resubmissions

26-03-2023 16:25

230326-txfkcshb76 10

26-03-2023 16:17

230326-trvr4ahb59 10

Sharing

General

Target

9f4f0243d3916b77517e39762dda20b81f9f473b6398c36435bfabb02c7cfed6
Size

4.1MB
Sample

230326-txfkcshb76
MD5

fc89d686700e46edeb6942c7fdfddd1c
SHA1

ef6d0770f6d3fa833813a2b7a89e0c59454f4da3
SHA256

9f4f0243d3916b77517e39762dda20b81f9f473b6398c36435bfabb02c7cfed6
SHA512

6d32921875a625cd33145cb6687ad9d821f4d30ac9f5af32903a24d8c73af9fc043cd3b42ac3709b1965e4538c7905efbf3d5b68353aabe942ee870997906e8a
SSDEEP

98304:LAJRoLUMI2EcipwIPFl2pMJZ6FwN+3+i8fL6JVlgyihaV:8JR8UMI2EnWIPT2pMJQFKI4vPa

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

9f4f0243d3916b77517e39762dda20b81f9f473b6398c36435bfabb02c7cfed6.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

21 signatures

1800 seconds

Malware Config

Targets

- Target
  
  9f4f0243d3916b77517e39762dda20b81f9f473b6398c36435bfabb02c7cfed6
- Size
  
  4.1MB
- MD5
  
  fc89d686700e46edeb6942c7fdfddd1c
- SHA1
  
  ef6d0770f6d3fa833813a2b7a89e0c59454f4da3
- SHA256
  
  9f4f0243d3916b77517e39762dda20b81f9f473b6398c36435bfabb02c7cfed6
- SHA512
  
  6d32921875a625cd33145cb6687ad9d821f4d30ac9f5af32903a24d8c73af9fc043cd3b42ac3709b1965e4538c7905efbf3d5b68353aabe942ee870997906e8a
- SSDEEP
  
  98304:LAJRoLUMI2EcipwIPFl2pMJZ6FwN+3+i8fL6JVlgyihaV:8JR8UMI2EnWIPT2pMJQFKI4vPa
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy