Overview

overview

10

Static

static

1

1e9e5dc8d8...00.exe

windows7-x64

10

1e9e5dc8d8...00.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1e9e5dc8d8c854f3cb39f56804dba9b3d91484daad532c5518e476261d0c0f00

  • Size

    4.2MB

  • Sample

    231013-yttp2ahh78

  • MD5

    43f1ff8ee88ae0234f64ff90a2445a71

  • SHA1

    febf6d1622028870dcdd61fefebd73b1b7de92ed

  • SHA256

    1e9e5dc8d8c854f3cb39f56804dba9b3d91484daad532c5518e476261d0c0f00

  • SHA512

    5fb4492e14cee1991c4b0ba997cc4772d081fdb766e1d7ce04d1b6bd12c2c8e08cfb911392931cc1d82f94089ade27e1b409823e4ceb9b06ebd40cd5a9842b9e

  • SSDEEP

    98304:b/CKrjXl5mXZh8/f5G4pbp4l/41Uy7ZE9TJZo2jBPDSIE51GEa1X/:jFrj788n5GC4t41/aTJjVDS/1NaN/

Score
10/10
gluptebadropperevasionloader

Malware Config

Targets

    • Target

      1e9e5dc8d8c854f3cb39f56804dba9b3d91484daad532c5518e476261d0c0f00

    • Size

      4.2MB

    • MD5

      43f1ff8ee88ae0234f64ff90a2445a71

    • SHA1

      febf6d1622028870dcdd61fefebd73b1b7de92ed

    • SHA256

      1e9e5dc8d8c854f3cb39f56804dba9b3d91484daad532c5518e476261d0c0f00

    • SHA512

      5fb4492e14cee1991c4b0ba997cc4772d081fdb766e1d7ce04d1b6bd12c2c8e08cfb911392931cc1d82f94089ade27e1b409823e4ceb9b06ebd40cd5a9842b9e

    • SSDEEP

      98304:b/CKrjXl5mXZh8/f5G4pbp4l/41Uy7ZE9TJZo2jBPDSIE51GEa1X/:jFrj788n5GC4t41/aTJjVDS/1NaN/

    Score
    10/10
    gluptebadropperevasionloader

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Modifies boot configuration data using bcdedit

    • Modifies Windows Firewall

      evasion

    • Possible attempt to disable PatchGuard

      Rootkits can use kernel patching to embed themselves in an operating system.

      evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks