glupteba | 42d8f94c1fddea5cf2b241bdbe8c2b694fcb4bc9e34bbdf973d535b8bff2af94 | Triage

Submit
Reports

Overview

overview

Static

static

1

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

42d8f94c1fddea5cf2b241bdbe8c2b694fcb4bc9e34bbdf973d535b8bff2af94
Size

4.1MB
Sample

240204-jgd2gsehfk
MD5

79aeaa41d1fd245d62366845d8bf0f37
SHA1

2e7caa93ef3b700317db7a8487852ab527ce10fe
SHA256

42d8f94c1fddea5cf2b241bdbe8c2b694fcb4bc9e34bbdf973d535b8bff2af94
SHA512

2d7d2c229ba8b9b570be7a021ffff1799d63fc6495136a9b747a2b2f362f762836685cc9a61114d8387990cf36c958a02776b22158396e64e1977a916edaa92e
SSDEEP

98304:7mrDq/baT7K2BJUSIgSTs87iICkTHbhjYFHV66wZ:DcRSQATljAwH

Score

10^/10

glupteba dropper evasion loader ransomware upx

Static task

static1

Behavioral task

behavioral1

Sample

42d8f94c1fddea5cf2b241bdbe8c2b694fcb4bc9e34bbdf973d535b8bff2af94.exe

Resource

win7-20231215-en

glupteba dropper evasion loader ransomware upx

windows7-x64

10 signatures

300 seconds

Behavioral task

behavioral2

Sample

42d8f94c1fddea5cf2b241bdbe8c2b694fcb4bc9e34bbdf973d535b8bff2af94.exe

Resource

win10-20231215-en

glupteba dropper evasion loader upx

windows10-1703-x64

6 signatures

300 seconds

Malware Config

Targets

- Target
  
  42d8f94c1fddea5cf2b241bdbe8c2b694fcb4bc9e34bbdf973d535b8bff2af94
- Size
  
  4.1MB
- MD5
  
  79aeaa41d1fd245d62366845d8bf0f37
- SHA1
  
  2e7caa93ef3b700317db7a8487852ab527ce10fe
- SHA256
  
  42d8f94c1fddea5cf2b241bdbe8c2b694fcb4bc9e34bbdf973d535b8bff2af94
- SHA512
  
  2d7d2c229ba8b9b570be7a021ffff1799d63fc6495136a9b747a2b2f362f762836685cc9a61114d8387990cf36c958a02776b22158396e64e1977a916edaa92e
- SSDEEP
  
  98304:7mrDq/baT7K2BJUSIgSTs87iICkTHbhjYFHV66wZ:DcRSQATljAwH
Score

10^/10

glupteba dropper evasion loader ransomware upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

gluptebadropperevasionloaderransomwareupx

behavioral2

gluptebadropperevasionloaderupx

© 2018-2025

Terms | Privacy