glupteba | 817492ecf2bf99cefbae7f2597ff273b62aaa0abde51176eabc89485840b10b7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

JC_817492e...b7.exe

windows7-x64

JC_817492e...b7.exe

windows10-2004-x64

Sharing

General

Target

JC_817492ecf2bf99cefbae7f2597ff273b62aaa0abde51176eabc89485840b10b7
Size

4.2MB
Sample

231013-c6axssbb6t
MD5

902a6864c77a1156e2acf968217fc068
SHA1

c721a18cf0f7577f1b034c2867fa6e787d20b66a
SHA256

817492ecf2bf99cefbae7f2597ff273b62aaa0abde51176eabc89485840b10b7
SHA512

273c2e0ccf0fbd42611d1e190ce53620dac19b209a12840b8ca3ffc9744b271ca5246ff0ad269f57aa2cd7364f3642386bdde44beb3c566bf0f80bb0b90b77c8
SSDEEP

98304:v2LSaMsua00GVP4yTqyN9qqOwAlVOkMhr2c+PXxYGrYCnb5iVp8:uSaMsn00OaEsJO3hCc+Prbkg

Score

10^/10

glupteba dropper evasion loader upx

Static task

static1

Behavioral task

behavioral1

Sample

JC_817492ecf2bf99cefbae7f2597ff273b62aaa0abde51176eabc89485840b10b7.exe

Resource

win7-20230831-en

glupteba dropper evasion loader upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JC_817492ecf2bf99cefbae7f2597ff273b62aaa0abde51176eabc89485840b10b7.exe

Resource

win10v2004-20230915-en

glupteba dropper evasion loader

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  JC_817492ecf2bf99cefbae7f2597ff273b62aaa0abde51176eabc89485840b10b7
- Size
  
  4.2MB
- MD5
  
  902a6864c77a1156e2acf968217fc068
- SHA1
  
  c721a18cf0f7577f1b034c2867fa6e787d20b66a
- SHA256
  
  817492ecf2bf99cefbae7f2597ff273b62aaa0abde51176eabc89485840b10b7
- SHA512
  
  273c2e0ccf0fbd42611d1e190ce53620dac19b209a12840b8ca3ffc9744b271ca5246ff0ad269f57aa2cd7364f3642386bdde44beb3c566bf0f80bb0b90b77c8
- SSDEEP
  
  98304:v2LSaMsua00GVP4yTqyN9qqOwAlVOkMhr2c+PXxYGrYCnb5iVp8:uSaMsn00OaEsJO3hCc+Prbkg
Score

10^/10

glupteba dropper evasion loader upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies boot configuration data using bcdedit
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderupx

behavioral2

gluptebadropperevasionloader

© 2018-2025

Terms | Privacy