glupteba | 772a2f758d727013aef9c9d9f5861394dae7fd20a937bc2cbc4dabdc0d94a55e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

772a2f758d727013aef9c9d9f5861394dae7fd20a937bc2cbc4dabdc0d94a55e
Size

534KB
Sample

230921-vc4xwshd61
MD5

cd68a3823da02633a2aef5a0824abfd5
SHA1

139817ced7d45f0b32444eee7833c8e2c00a6b96
SHA256

772a2f758d727013aef9c9d9f5861394dae7fd20a937bc2cbc4dabdc0d94a55e
SHA512

ea9ddf2f6104df3d90339f74e00eb465854f9cdcab9634816fa6578d6a61be70d96cb6aee3c9c890a3c70baf7f8b87c31eeef9fbabfb0737968b61092b347c3b
SSDEEP

6144:f+AUxvdjNgBoHFIZ0YesFZITJuUQnBhC/ya6H9fV:zQNg2FTJuUQnnV

Score

10^/10

glupteba smokeloader xmrig up3 backdoor google discovery dropper loader miner phishing trojan

Static task

static1

Behavioral task

behavioral1

Sample

772a2f758d727013aef9c9d9f5861394dae7fd20a937bc2cbc4dabdc0d94a55e.exe

Resource

win10-20230915-en

glupteba smokeloader xmrig up3 backdoor google discovery dropper loader miner phishing trojan

windows10-1703-x64

29 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  772a2f758d727013aef9c9d9f5861394dae7fd20a937bc2cbc4dabdc0d94a55e
- Size
  
  534KB
- MD5
  
  cd68a3823da02633a2aef5a0824abfd5
- SHA1
  
  139817ced7d45f0b32444eee7833c8e2c00a6b96
- SHA256
  
  772a2f758d727013aef9c9d9f5861394dae7fd20a937bc2cbc4dabdc0d94a55e
- SHA512
  
  ea9ddf2f6104df3d90339f74e00eb465854f9cdcab9634816fa6578d6a61be70d96cb6aee3c9c890a3c70baf7f8b87c31eeef9fbabfb0737968b61092b347c3b
- SSDEEP
  
  6144:f+AUxvdjNgBoHFIZ0YesFZITJuUQnBhC/ya6H9fV:zQNg2FTJuUQnnV
Score

10^/10

glupteba smokeloader xmrig up3 backdoor google discovery dropper loader miner phishing trojan
- Detected google phishing page
  phishing google
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebasmokeloaderxmrigup3backdoorgooglediscoverydropperloaderminerphishingtrojan

© 2018-2025

Terms | Privacy