glupteba | 1f435b3a62304733dce1b9caf24cfac768db739127e8ec31d466455628ec0922 | Triage

Submit
Reports

Overview

overview

Static

static

3

1f435b3a62...22.exe

windows7-x64

1f435b3a62...22.exe

windows10-2004-x64

Resubmissions

08-02-2024 19:00

240208-xnla2ahe7z 10

08-02-2024 07:34

240208-jd5p2aefen 10

08-02-2024 04:47

240208-fevdxabb9y 10

Sharing

General

Target

1f435b3a62304733dce1b9caf24cfac768db739127e8ec31d466455628ec0922
Size

5.5MB
Sample

240208-jd5p2aefen
MD5

c4580e8db0c3dbc88891842fd8a31158
SHA1

744f03fcf10db1459d3f40beaea2bfe1b000582b
SHA256

1f435b3a62304733dce1b9caf24cfac768db739127e8ec31d466455628ec0922
SHA512

cefd412e0d5aba56d6603fdc46a056474ce387dbb220b32a9317dca0822bef9320515afacc2ab2086db46f9e01b3456c87a0dc83bd99c246550d87efd3606945
SSDEEP

98304:Fs9EI6sZJrf04Hr3VvPkrcRizJ6krK4JLQaEHlXU+vG9G1jMaZQRrkp:W+I6sU4HjZkwkVJo1+G1jMaZQpk

Score

10^/10

glupteba smokeloader pub1 backdoor dropper evasion loader trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1f435b3a62304733dce1b9caf24cfac768db739127e8ec31d466455628ec0922.exe

Resource

win7-20231129-en

glupteba smokeloader pub1 backdoor dropper evasion loader trojan

windows7-x64

6 signatures

60 seconds

Behavioral task

behavioral2

Sample

1f435b3a62304733dce1b9caf24cfac768db739127e8ec31d466455628ec0922.exe

Resource

win10v2004-20231215-en

glupteba smokeloader pub1 backdoor dropper evasion loader trojan

windows10-2004-x64

18 signatures

60 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

rc4.i32

Targets

- Target
  
  1f435b3a62304733dce1b9caf24cfac768db739127e8ec31d466455628ec0922
- Size
  
  5.5MB
- MD5
  
  c4580e8db0c3dbc88891842fd8a31158
- SHA1
  
  744f03fcf10db1459d3f40beaea2bfe1b000582b
- SHA256
  
  1f435b3a62304733dce1b9caf24cfac768db739127e8ec31d466455628ec0922
- SHA512
  
  cefd412e0d5aba56d6603fdc46a056474ce387dbb220b32a9317dca0822bef9320515afacc2ab2086db46f9e01b3456c87a0dc83bd99c246550d87efd3606945
- SSDEEP
  
  98304:Fs9EI6sZJrf04Hr3VvPkrcRizJ6krK4JLQaEHlXU+vG9G1jMaZQRrkp:W+I6sU4HjZkwkVJo1+G1jMaZQpk
Score

10^/10

glupteba smokeloader pub1 backdoor dropper evasion loader trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebasmokeloaderpub1backdoordropperevasionloadertrojan

behavioral2

gluptebasmokeloaderpub1backdoordropperevasionloadertrojan

© 2018-2024

Terms | Privacy