glupteba | 7d8f2686837a2c8c2ecf4e016fc9e239ed68d2936f5d9d44fe70d62266b3b86c | Triage

Submit
Reports

Overview

overview

Static

static

1

JC_7d8f268...6c.exe

windows7-x64

JC_7d8f268...6c.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

JC_7d8f2686837a2c8c2ecf4e016fc9e239ed68d2936f5d9d44fe70d62266b3b86c
Size

4.2MB
Sample

231013-c7sh8sbb9v
MD5

4d1cb8d85810d328c58b3380f5eab4e1
SHA1

8428c4c1ecb8c0d88976b7aee9a7351969caa210
SHA256

7d8f2686837a2c8c2ecf4e016fc9e239ed68d2936f5d9d44fe70d62266b3b86c
SHA512

886a9c8502ef0fd481ccce4da8e3919d69df8c8fbd6dee81054ed06c34e688384242394f25b57bbbe85929fe8658d85d40df68673abc22286a2a5093f76a02ea
SSDEEP

98304:07U1XRFHafWZ0eCyNzWbXgxqO0E4jQzQ0bytmxvDUS:jmez1xq3E6QzQ0bRp

Score

10^/10

glupteba dropper evasion loader ransomware upx

Static task

static1

Behavioral task

behavioral1

Sample

JC_7d8f2686837a2c8c2ecf4e016fc9e239ed68d2936f5d9d44fe70d62266b3b86c.exe

Resource

win7-20230831-en

glupteba dropper evasion loader ransomware upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JC_7d8f2686837a2c8c2ecf4e016fc9e239ed68d2936f5d9d44fe70d62266b3b86c.exe

Resource

win10v2004-20230915-en

glupteba dropper loader

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  JC_7d8f2686837a2c8c2ecf4e016fc9e239ed68d2936f5d9d44fe70d62266b3b86c
- Size
  
  4.2MB
- MD5
  
  4d1cb8d85810d328c58b3380f5eab4e1
- SHA1
  
  8428c4c1ecb8c0d88976b7aee9a7351969caa210
- SHA256
  
  7d8f2686837a2c8c2ecf4e016fc9e239ed68d2936f5d9d44fe70d62266b3b86c
- SHA512
  
  886a9c8502ef0fd481ccce4da8e3919d69df8c8fbd6dee81054ed06c34e688384242394f25b57bbbe85929fe8658d85d40df68673abc22286a2a5093f76a02ea
- SSDEEP
  
  98304:07U1XRFHafWZ0eCyNzWbXgxqO0E4jQzQ0bytmxvDUS:jmez1xq3E6QzQ0bRp
Score

10^/10

glupteba dropper evasion loader ransomware upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

gluptebadropperevasionloaderransomwareupx

behavioral2

gluptebadropperloader

© 2018-2025

Terms | Privacy