glupteba | b25b92d25b55c23f75775f1f50e83d5efc2881e8bdb02c0d2a3c3b4b21ccb9eb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

45cf09e26a...cc.exe

windows7-x64

45cf09e26a...cc.exe

windows10-2004-x64

Sharing

General

Target

45cf09e26acea6e9d65bfef33939f4cc.exe
Size

4.4MB
Sample

240106-mefzvaegh8
MD5

45cf09e26acea6e9d65bfef33939f4cc
SHA1

0f8fde24d0f0cabbcfcd97eb1b7ae84f4cbd4331
SHA256

b25b92d25b55c23f75775f1f50e83d5efc2881e8bdb02c0d2a3c3b4b21ccb9eb
SHA512

8913e691f5e6f449cad2d0836635b148b0fc98411218b7f2f4920b40cb8ad9ae8b385a88806a045aaeca477076180ab3087519e0d1ab4345bac82a9739a9af35
SSDEEP

98304:YoIRGeaWtfnBWWGqJlOOpLFWikkLMXwxFr8oiWtWKo4pX0x:mvnhGqJlOOjWRkLMAxFDF9

Score

10^/10

glupteba metasploit backdoor dropper evasion loader trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

45cf09e26acea6e9d65bfef33939f4cc.exe

Resource

win7-20231215-en

glupteba metasploit backdoor dropper evasion loader trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

45cf09e26acea6e9d65bfef33939f4cc.exe

Resource

win10v2004-20231215-en

glupteba metasploit backdoor dropper evasion loader trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

- Target
  
  45cf09e26acea6e9d65bfef33939f4cc.exe
- Size
  
  4.4MB
- MD5
  
  45cf09e26acea6e9d65bfef33939f4cc
- SHA1
  
  0f8fde24d0f0cabbcfcd97eb1b7ae84f4cbd4331
- SHA256
  
  b25b92d25b55c23f75775f1f50e83d5efc2881e8bdb02c0d2a3c3b4b21ccb9eb
- SHA512
  
  8913e691f5e6f449cad2d0836635b148b0fc98411218b7f2f4920b40cb8ad9ae8b385a88806a045aaeca477076180ab3087519e0d1ab4345bac82a9739a9af35
- SSDEEP
  
  98304:YoIRGeaWtfnBWWGqJlOOpLFWikkLMXwxFr8oiWtWKo4pX0x:mvnhGqJlOOjWRkLMAxFDF9
Score

10^/10

glupteba metasploit backdoor dropper evasion loader trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies boot configuration data using bcdedit
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebametasploitbackdoordropperevasionloadertrojan

behavioral2

gluptebametasploitbackdoordropperevasionloadertrojan

© 2018-2025

Terms | Privacy