glupteba | 7d7562dfa4565ff614fb1a0da3453ba87f1c57d1599fcd9fc72a039750c42cca | Triage

Submit
Reports

Overview

overview

Static

static

c7a2d4deab...ce.exe

windows7-x64

c7a2d4deab...ce.exe

windows10-2004-x64

Resubmissions

31-12-2023 02:29

231231-cyw53ahfg6 10

31-12-2023 02:09

231231-ck5kaaefd3 10

Sharing

General

Target

c921001283ef83c22480a86838160329.bin
Size

27KB
Sample

231231-ck5kaaefd3
MD5

8b70b0c2d02df46268a5ba932dfefd75
SHA1

337014dd9686fcc4cc0d190a7515f353912986b4
SHA256

7d7562dfa4565ff614fb1a0da3453ba87f1c57d1599fcd9fc72a039750c42cca
SHA512

cc4ae76c0a4d0712d355de6154f4b01bd2bee86007475668562aa252b7ddcca955c1e2548c59e7786411fe90aa5cd7ee70a00a8896e25d7916928ce9abda9f5a
SSDEEP

768:3tBHM/tt4H8ktyZP65wHj/VdcfpdciUTE+/u1d:dZMVtz5A4jddcPlUTEq0d

Score

10^/10

glupteba redline smokeloader livetrafic up3 backdoor dropper evasion infostealer loader trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c7a2d4deab33d14c5c0df61413662f9c025a289c61378a0cd660d0daf521a0ce.exe

Resource

win7-20231129-en

glupteba redline smokeloader livetrafic up3 backdoor dropper evasion infostealer loader trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

c7a2d4deab33d14c5c0df61413662f9c025a289c61378a0cd660d0daf521a0ce.exe

Resource

win10v2004-20231215-en

glupteba redline smokeloader livetrafic up3 backdoor dropper infostealer loader trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://185.215.113.68/fks/index.php

rc4.i32

rc4.i32

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

redline

Botnet

LiveTrafic

C2

20.79.30.95:13856

Targets

- Target
  
  c7a2d4deab33d14c5c0df61413662f9c025a289c61378a0cd660d0daf521a0ce.exe
- Size
  
  37KB
- MD5
  
  c921001283ef83c22480a86838160329
- SHA1
  
  015b62dc84aac30eadf2228fcc978d7a8adb2950
- SHA256
  
  c7a2d4deab33d14c5c0df61413662f9c025a289c61378a0cd660d0daf521a0ce
- SHA512
  
  e7967f21f62261fc8fff068e284cebc15bbe2bd3fa02c6b9379c711313c7a1599bf5cb733a9d3342453e6dc16ace411c1cd3dfb6d1028ab4db681b70a70c79b7
- SSDEEP
  
  768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
Score

10^/10

glupteba redline smokeloader livetrafic up3 backdoor dropper evasion infostealer loader trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gluptebaredlinesmokeloaderlivetraficup3backdoordropperevasioninfostealerloadertrojan

behavioral2

gluptebaredlinesmokeloaderlivetraficup3backdoordropperinfostealerloadertrojan

© 2018-2024

Terms | Privacy