glupteba | 7d9c55e2bfe0870579c31eae8b56a54a11bce5c1aa4b35838ee6f25c1a24a671

Analysis

max time kernel
110s
max time network
86s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2023, 11:48

Target

7d9c55e2bfe0870579c31eae8b56a54a11bce5c1aa4b35838ee6f25c1a24a671.exe
Size

4.1MB
MD5

c28467064ac43aebd9c1c7eee69d9078
SHA1

1728c0e888d7c44693b983b2aa98e499603924fa
SHA256

7d9c55e2bfe0870579c31eae8b56a54a11bce5c1aa4b35838ee6f25c1a24a671
SHA512

b2e026733fd6ccaf8eb4d69bc072450648f6297ca20428fc9987eed145ff8810cb77d2bddb117b84268baed69b6dc57a7392bc7be25a595fdf138a16d26e2f80
SSDEEP

98304:gfFFAynMh35CgXlzahyiMlUrGlH+34ueBo2fCIQYEYg:gtjmDMyOr+/3o2fCDYHg

Score

10^/10

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 2 IoCs

resource	yara_rule
behavioral1/memory/3408-1-0x0000000003210000-0x0000000003AFB000-memory.dmp	family_glupteba
behavioral1/memory/3408-2-0x0000000000400000-0x0000000000D1B000-memory.dmp	family_glupteba

C:\Users\Admin\AppData\Local\Temp\7d9c55e2bfe0870579c31eae8b56a54a11bce5c1aa4b35838ee6f25c1a24a671.exe
"C:\Users\Admin\AppData\Local\Temp\7d9c55e2bfe0870579c31eae8b56a54a11bce5c1aa4b35838ee6f25c1a24a671.exe"
1⤵
PID:3408
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  PID:2324

memory/3408-0-0x0000000002E10000-0x0000000003208000-memory.dmp

Filesize
4.0MB

Download
memory/3408-1-0x0000000003210000-0x0000000003AFB000-memory.dmp

Filesize
8.9MB

Download
memory/3408-2-0x0000000000400000-0x0000000000D1B000-memory.dmp

Filesize
9.1MB

Download