glupteba | e7a02922687ff5c47aa236a92977a7ac3145068210e4a1b8a24559ea99feea3d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

e7a02922687ff5c47aa236a92977a7ac3145068210e4a1b8a24559ea99feea3d
Size

4.2MB
Sample

231116-gdqvrsha9y
MD5

77aef547ab6abb3c133c8380a609a3b4
SHA1

730d3298f045523be4063590891740c5b47e165f
SHA256

e7a02922687ff5c47aa236a92977a7ac3145068210e4a1b8a24559ea99feea3d
SHA512

bd86565457817b084117bca5120cd65b77a3a03023e75b6f0a1547f05b09a4e0770dc4b8434e350b92e562785f19d66160585241c4209339babd848155bb2272
SSDEEP

98304:09M9U+zveFd8itJtRStO0JWkONG13pGEcE42kp:KcU+z0d8IJt4lh8GtpG7X

Score

10^/10

glupteba dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

e7a02922687ff5c47aa236a92977a7ac3145068210e4a1b8a24559ea99feea3d.exe

Resource

win10-20231023-en

glupteba dropper evasion loader persistence trojan

windows10-1703-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  e7a02922687ff5c47aa236a92977a7ac3145068210e4a1b8a24559ea99feea3d
- Size
  
  4.2MB
- MD5
  
  77aef547ab6abb3c133c8380a609a3b4
- SHA1
  
  730d3298f045523be4063590891740c5b47e165f
- SHA256
  
  e7a02922687ff5c47aa236a92977a7ac3145068210e4a1b8a24559ea99feea3d
- SHA512
  
  bd86565457817b084117bca5120cd65b77a3a03023e75b6f0a1547f05b09a4e0770dc4b8434e350b92e562785f19d66160585241c4209339babd848155bb2272
- SSDEEP
  
  98304:09M9U+zveFd8itJtRStO0JWkONG13pGEcE42kp:KcU+z0d8IJt4lh8GtpG7X
Score

10^/10

glupteba dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistencetrojan

© 2018-2025

Terms | Privacy