glupteba

General

Target

7a59ddefc2433806274b340af9cd19c6d119cedacfe6b5c498482c605f6a8a1b
Size

4.2MB
Sample

240418-2q6rzaaa8v
MD5

6c1956eb2baee6fbd3c111b4c26cd490
SHA1

70f0c07eea58dbe10210da4a6dae0939ef9d7009
SHA256

7a59ddefc2433806274b340af9cd19c6d119cedacfe6b5c498482c605f6a8a1b
SHA512

5573adade375b1ffb27d3550368167c6fe3d910f6186798dd5ba1c318371d1177df647bd1f06429c6bf1c29afaa275a7ab6a1eaa47f082d7d9e46e58c8f9a026
SSDEEP

98304:2CaftNj+u7KNRVHR2Q7UufYl81Mzh66Z5kbRiBHB9arql/z:+tBzONTNQxJkbRihjr

Score

10^/10

Malware Config

Targets

- Target
  
  7a59ddefc2433806274b340af9cd19c6d119cedacfe6b5c498482c605f6a8a1b
- Size
  
  4.2MB
- MD5
  
  6c1956eb2baee6fbd3c111b4c26cd490
- SHA1
  
  70f0c07eea58dbe10210da4a6dae0939ef9d7009
- SHA256
  
  7a59ddefc2433806274b340af9cd19c6d119cedacfe6b5c498482c605f6a8a1b
- SHA512
  
  5573adade375b1ffb27d3550368167c6fe3d910f6186798dd5ba1c318371d1177df647bd1f06429c6bf1c29afaa275a7ab6a1eaa47f082d7d9e46e58c8f9a026
- SSDEEP
  
  98304:2CaftNj+u7KNRVHR2Q7UufYl81Mzh66Z5kbRiBHB9arql/z:+tBzONTNQxJkbRihjr
Score

10^/10

glupteba xmrig discovery dropper evasion loader miner persistence rootkit trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- XMRig Miner payload
  miner
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMon driver.
  Roottkits write to WinMon to hide PIDs from being detected.
  rootkit evasion
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1 behavioral2