glupteba

General

Target

08572299.exe
Size

4.1MB
Sample

230601-vbx3ysfg4z
MD5

64cb6f0d50b6933b1e9820f4e1fe9c2d
SHA1

9c949eeea943368492b71d2e1280be7a8eb091cb
SHA256

03f79e05be98f940d011fd9928a1edba7fa9b8a7e707f655f2142aaad0037b1e
SHA512

e5c43355de63a52b030d246007ac67f92b6a6aa060f73f41102f98b5f30af810031e9357a94dc892f802dd0cf3cc4165fa052a71cf8fd0d5d0af067d42e48435
SSDEEP

98304:fvF+L+Hrtl8j/q6zZki5Sh3H/UbW1VrKZo/2VXo:nFdaj1zZghX/NVj+xo

Score

10^/10

Malware Config

Targets

- Target
  
  08572299.exe
- Size
  
  4.1MB
- MD5
  
  64cb6f0d50b6933b1e9820f4e1fe9c2d
- SHA1
  
  9c949eeea943368492b71d2e1280be7a8eb091cb
- SHA256
  
  03f79e05be98f940d011fd9928a1edba7fa9b8a7e707f655f2142aaad0037b1e
- SHA512
  
  e5c43355de63a52b030d246007ac67f92b6a6aa060f73f41102f98b5f30af810031e9357a94dc892f802dd0cf3cc4165fa052a71cf8fd0d5d0af067d42e48435
- SSDEEP
  
  98304:fvF+L+Hrtl8j/q6zZki5Sh3H/UbW1VrKZo/2VXo:nFdaj1zZghX/NVj+xo
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMon driver.
  Roottkits write to WinMon to hide PIDs from being detected.
  rootkit evasion
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1 behavioral2