glupteba | 2a3efa158e93647cf3292fb9847d412747866e37e4e56927123fa59472b36dc9

Analysis

max time kernel
136s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 05:50

Target

2a3efa158e93647cf3292fb9847d412747866e37e4e56927123fa59472b36dc9.exe
Size

4.1MB
MD5

641410989c7dc80cfa30c467ef6f58b4
SHA1

700dcfd009bb4ae1d18c35b9db6b209e372d7086
SHA256

2a3efa158e93647cf3292fb9847d412747866e37e4e56927123fa59472b36dc9
SHA512

684ecdd6a54fe04f185249e3f45d233bbefb8d1966e8ed0ebe29e5be38ce36fef48e4ae67ad7f4ee6b469803aaf5264e7161bc13e1c9d07b8fec4d81c334da0b
SSDEEP

98304:lXpdC+AG3N331+0ioxXOrXg4JLXEXtwxhH0Q4t1aUlB7T3/YZv4wh0N2:1lAG3iKwg4JLXECj0rzPvYZvJh0N2

Score

10^/10

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 2 IoCs

resource	yara_rule
behavioral1/memory/400-134-0x00000000050A0000-0x0000000005917000-memory.dmp	family_glupteba
behavioral1/memory/400-135-0x0000000000400000-0x0000000002F48000-memory.dmp	family_glupteba

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4804	400	WerFault.exe	84

C:\Users\Admin\AppData\Local\Temp\2a3efa158e93647cf3292fb9847d412747866e37e4e56927123fa59472b36dc9.exe
"C:\Users\Admin\AppData\Local\Temp\2a3efa158e93647cf3292fb9847d412747866e37e4e56927123fa59472b36dc9.exe"
1⤵
PID:400
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 252
  2⤵
  - Program crash
  PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 400 -ip 400
1⤵
PID:3176

memory/400-134-0x00000000050A0000-0x0000000005917000-memory.dmp

Filesize
8.5MB

Download
memory/400-135-0x0000000000400000-0x0000000002F48000-memory.dmp

Filesize
43.3MB

Download