glupteba | 6f609d75eae5e6fd1d0e14c5c4aed4e0003ede931ddc002038153dabbe80f1ea | Triage

Submit
Reports

Overview

overview

Static

static

1

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

6f609d75eae5e6fd1d0e14c5c4aed4e0003ede931ddc002038153dabbe80f1ea
Size

4.2MB
Sample

240420-ggstjaaf8x
MD5

83b077307531393e5e6aaf785071ad5d
SHA1

f2967b81c058ed4c7856161f514cab2fc0fd1b4b
SHA256

6f609d75eae5e6fd1d0e14c5c4aed4e0003ede931ddc002038153dabbe80f1ea
SHA512

692e00174f30617a2b7ba84055037d20d548d8fd7089d7804584860dbfdbb74d32613fd4f3b97abcca502e043b8180a1dd77c32f0da4554d28ce98670ab02a72
SSDEEP

98304:tLQYZG/dgZ86BiJBiuHE0xNIsAKMiZ9poPnhJgyiGt:tf8gKxTxapLMoPnzgS

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

6f609d75eae5e6fd1d0e14c5c4aed4e0003ede931ddc002038153dabbe80f1ea.exe

Resource

win10v2004-20240226-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

6f609d75eae5e6fd1d0e14c5c4aed4e0003ede931ddc002038153dabbe80f1ea.exe

Resource

win11-20240412-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  6f609d75eae5e6fd1d0e14c5c4aed4e0003ede931ddc002038153dabbe80f1ea
- Size
  
  4.2MB
- MD5
  
  83b077307531393e5e6aaf785071ad5d
- SHA1
  
  f2967b81c058ed4c7856161f514cab2fc0fd1b4b
- SHA256
  
  6f609d75eae5e6fd1d0e14c5c4aed4e0003ede931ddc002038153dabbe80f1ea
- SHA512
  
  692e00174f30617a2b7ba84055037d20d548d8fd7089d7804584860dbfdbb74d32613fd4f3b97abcca502e043b8180a1dd77c32f0da4554d28ce98670ab02a72
- SSDEEP
  
  98304:tLQYZG/dgZ86BiJBiuHE0xNIsAKMiZ9poPnhJgyiGt:tf8gKxTxapLMoPnzgS
Score

10^/10

glupteba discovery dropper evasion loader persistence upx rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

behavioral2

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy