glupteba | ebb99489b66b8d0a838adc0ac0cb13cf0641a4ba0618644311a26982692e938e | Triage

Submit
Reports

Overview

overview

Static

static

1

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

ebb99489b66b8d0a838adc0ac0cb13cf0641a4ba0618644311a26982692e938e
Size

4.2MB
Sample

240419-bbfdcsbg95
MD5

df93b9b1fb9fe310d16e573d47bc2d5a
SHA1

f3ce40f30135473ead9495cd91b607f0186611c7
SHA256

ebb99489b66b8d0a838adc0ac0cb13cf0641a4ba0618644311a26982692e938e
SHA512

0179314c61f3a746c81d0b2e3fd6db46fda3d707d4452c2c319e8b25195d7adad05650967d406d6cf8e25e3a743a7b7f7949971d673d463df7d82e38f87c41c0
SSDEEP

98304:KeU9Bh0ZpWG7460rhxj0FMVy+9LgCbGoD1OyJCOsGUxDW88A2xBQ03:K9j0jWE+llaMVy+90CpOuCOqDWtA2xBL

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

ebb99489b66b8d0a838adc0ac0cb13cf0641a4ba0618644311a26982692e938e.exe

Resource

win10v2004-20240412-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

ebb99489b66b8d0a838adc0ac0cb13cf0641a4ba0618644311a26982692e938e.exe

Resource

win11-20240412-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  ebb99489b66b8d0a838adc0ac0cb13cf0641a4ba0618644311a26982692e938e
- Size
  
  4.2MB
- MD5
  
  df93b9b1fb9fe310d16e573d47bc2d5a
- SHA1
  
  f3ce40f30135473ead9495cd91b607f0186611c7
- SHA256
  
  ebb99489b66b8d0a838adc0ac0cb13cf0641a4ba0618644311a26982692e938e
- SHA512
  
  0179314c61f3a746c81d0b2e3fd6db46fda3d707d4452c2c319e8b25195d7adad05650967d406d6cf8e25e3a743a7b7f7949971d673d463df7d82e38f87c41c0
- SSDEEP
  
  98304:KeU9Bh0ZpWG7460rhxj0FMVy+9LgCbGoD1OyJCOsGUxDW88A2xBQ03:K9j0jWE+llaMVy+90CpOuCOqDWtA2xBL
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

behavioral2

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy