glupteba | 404a62c275422d072752f5f6e49084665dafa3edfbdb4d174e366a6f4e2e549b

Analysis

max time kernel
23s
max time network
33s
platform
windows10-1703_x64
resource
win10-20231220-en
resource tags

arch:x64arch:x86image:win10-20231220-enlocale:en-usos:windows10-1703-x64system
submitted
04/02/2024, 03:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

404a62c275422d072752f5f6e49084665dafa3edfbdb4d174e366a6f4e2e549b.exe
Size

4.2MB
MD5

525f41923001a64e2a47bb8893ceaa95
SHA1

49994af3fbabea695693d80768e5ec030abb9f2b
SHA256

404a62c275422d072752f5f6e49084665dafa3edfbdb4d174e366a6f4e2e549b
SHA512

bb5c82726f57dd3a76b681f5dd810589f840ed385c76e9ec784b589dfbc5a5cebc382654b58d04bdc7f3d832e274dfaad68da45879c02eae1c63a46c539bd3d7
SSDEEP

98304:vdGlegyN++D+DeE7kux9zCVxOCBg2dhzE7EAcfmxl/Z2mknz:Qle/++YeEHxozTCCYwhfmxKj

Score

10^/10

glupteba dropper loader

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 4 IoCs

resource	yara_rule
behavioral2/memory/1620-2-0x0000000004FC0000-0x00000000058AB000-memory.dmp	family_glupteba
behavioral2/memory/1620-3-0x0000000000400000-0x0000000002EA5000-memory.dmp	family_glupteba
behavioral2/memory/1620-299-0x0000000000400000-0x0000000002EA5000-memory.dmp	family_glupteba
behavioral2/memory/1620-300-0x0000000004FC0000-0x00000000058AB000-memory.dmp	family_glupteba

C:\Users\Admin\AppData\Local\Temp\404a62c275422d072752f5f6e49084665dafa3edfbdb4d174e366a6f4e2e549b.exe
"C:\Users\Admin\AppData\Local\Temp\404a62c275422d072752f5f6e49084665dafa3edfbdb4d174e366a6f4e2e549b.exe"
1⤵
PID:1620
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  PID:1308
- C:\Users\Admin\AppData\Local\Temp\404a62c275422d072752f5f6e49084665dafa3edfbdb4d174e366a6f4e2e549b.exe
  "C:\Users\Admin\AppData\Local\Temp\404a62c275422d072752f5f6e49084665dafa3edfbdb4d174e366a6f4e2e549b.exe"
  2⤵
  PID:4300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gvfwqodq.xbl.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/1308-26-0x0000000008440000-0x00000000084B6000-memory.dmp

Filesize
472KB

Download
memory/1308-298-0x0000000072DF0000-0x00000000734DE000-memory.dmp

Filesize
6.9MB

Download
memory/1308-7-0x0000000072DF0000-0x00000000734DE000-memory.dmp

Filesize
6.9MB

Download
memory/1308-8-0x0000000006D50000-0x0000000006D60000-memory.dmp

Filesize
64KB

Download
memory/1308-6-0x0000000003030000-0x0000000003066000-memory.dmp

Filesize
216KB

Download
memory/1308-9-0x0000000007390000-0x00000000079B8000-memory.dmp

Filesize
6.2MB

Download
memory/1308-10-0x0000000007230000-0x0000000007252000-memory.dmp

Filesize
136KB

Download
memory/1308-11-0x0000000007B30000-0x0000000007B96000-memory.dmp

Filesize
408KB

Download
memory/1308-12-0x0000000007BA0000-0x0000000007C06000-memory.dmp

Filesize
408KB

Download
memory/1308-13-0x0000000007C30000-0x0000000007F80000-memory.dmp

Filesize
3.3MB

Download
memory/1308-14-0x0000000007B00000-0x0000000007B1C000-memory.dmp

Filesize
112KB

Download
memory/1308-35-0x0000000008590000-0x00000000085CC000-memory.dmp

Filesize
240KB

Download
memory/1308-280-0x000000000A110000-0x000000000A118000-memory.dmp

Filesize
32KB

Download
memory/1308-275-0x000000000A140000-0x000000000A15A000-memory.dmp

Filesize
104KB

Download
memory/1308-15-0x0000000008500000-0x000000000854B000-memory.dmp

Filesize
300KB

Download
memory/1308-72-0x000000007F110000-0x000000007F120000-memory.dmp

Filesize
64KB

Download
memory/1308-75-0x000000006FB50000-0x000000006FEA0000-memory.dmp

Filesize
3.3MB

Download
memory/1308-81-0x0000000009FC0000-0x000000000A065000-memory.dmp

Filesize
660KB

Download
memory/1308-76-0x0000000009F60000-0x0000000009F7E000-memory.dmp

Filesize
120KB

Download
memory/1308-82-0x000000000A1E0000-0x000000000A274000-memory.dmp

Filesize
592KB

Download
memory/1308-74-0x000000006FB00000-0x000000006FB4B000-memory.dmp

Filesize
300KB

Download
memory/1308-73-0x0000000009F80000-0x0000000009FB3000-memory.dmp

Filesize
204KB

Download
memory/1620-2-0x0000000004FC0000-0x00000000058AB000-memory.dmp

Filesize
8.9MB

Download
memory/1620-3-0x0000000000400000-0x0000000002EA5000-memory.dmp

Filesize
42.6MB

Download
memory/1620-1-0x0000000004BC0000-0x0000000004FBA000-memory.dmp

Filesize
4.0MB

Download
memory/1620-299-0x0000000000400000-0x0000000002EA5000-memory.dmp

Filesize
42.6MB

Download
memory/1620-300-0x0000000004FC0000-0x00000000058AB000-memory.dmp

Filesize
8.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads