Overview

overview

10

Static

static

1

501588291b...44.exe

windows7-x64

10

501588291b...44.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    501588291bc3c786ac2ed9f7aa499868598d53383d07a9be5be76c386ca51544.exe

  • Size

    4.1MB

  • Sample

    240102-tbsmssbhb7

  • MD5

    2e9500d61872b5d0ecab1fcd1816a7f2

  • SHA1

    476843d9fdcf68be91a1c2ae3fac40d938c521bf

  • SHA256

    501588291bc3c786ac2ed9f7aa499868598d53383d07a9be5be76c386ca51544

  • SHA512

    189f3b84bbbe90339ddcd917b5d3003d397578a73632beb3bbee36b868c4baea7e2cc95119843b524254a066948aef843736eb3eb46c1e211318f7c9a52eb4e4

  • SSDEEP

    98304:jnDxDynn2HvxGAPnSV1Ywzt/74819SmvpEDTxeMn0j4Y+m32:nNq2kAv1wR14mv4A4hmm

Score
10/10
gluptebadropperevasionloaderupx

Malware Config

Targets

    • Target

      501588291bc3c786ac2ed9f7aa499868598d53383d07a9be5be76c386ca51544.exe

    • Size

      4.1MB

    • MD5

      2e9500d61872b5d0ecab1fcd1816a7f2

    • SHA1

      476843d9fdcf68be91a1c2ae3fac40d938c521bf

    • SHA256

      501588291bc3c786ac2ed9f7aa499868598d53383d07a9be5be76c386ca51544

    • SHA512

      189f3b84bbbe90339ddcd917b5d3003d397578a73632beb3bbee36b868c4baea7e2cc95119843b524254a066948aef843736eb3eb46c1e211318f7c9a52eb4e4

    • SSDEEP

      98304:jnDxDynn2HvxGAPnSV1Ywzt/74819SmvpEDTxeMn0j4Y+m32:nNq2kAv1wR14mv4A4hmm

    Score
    10/10
    gluptebadropperevasionloaderupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Modifies Windows Firewall

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Modifies boot configuration data using bcdedit

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks