glupteba | 9757a1dc535ba6d3d0bb4066a7f64f231bfdfe63c0586ce2c574dd083e353d1b | Triage

Submit
Reports

Overview

overview

Static

static

1

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

9757a1dc535ba6d3d0bb4066a7f64f231bfdfe63c0586ce2c574dd083e353d1b
Size

4.2MB
Sample

240420-z8s8gsac58
MD5

25af9b4a4899d341dcc086e593c29ada
SHA1

11f4cc97ce08cfbed7655abbbb95a37a718acdab
SHA256

9757a1dc535ba6d3d0bb4066a7f64f231bfdfe63c0586ce2c574dd083e353d1b
SHA512

84902e791204d5fba7c71ca59a5463b2de2d201fa1ab575b6c9716681a5f50a88f6f750520e167bb87f26abd23a127c8526e08786ad429324c8aca795b178dba
SSDEEP

98304:qB6TE4JDSTIitXqfSjBwF+v4rSSNjcdSqGUwT7RQU7ON:3TFmTI8qKjKFA4r+dAh7RQUI

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

9757a1dc535ba6d3d0bb4066a7f64f231bfdfe63c0586ce2c574dd083e353d1b.exe

Resource

win10v2004-20240412-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

9757a1dc535ba6d3d0bb4066a7f64f231bfdfe63c0586ce2c574dd083e353d1b.exe

Resource

win11-20240412-en

glupteba discovery dropper evasion loader persistence upx

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  9757a1dc535ba6d3d0bb4066a7f64f231bfdfe63c0586ce2c574dd083e353d1b
- Size
  
  4.2MB
- MD5
  
  25af9b4a4899d341dcc086e593c29ada
- SHA1
  
  11f4cc97ce08cfbed7655abbbb95a37a718acdab
- SHA256
  
  9757a1dc535ba6d3d0bb4066a7f64f231bfdfe63c0586ce2c574dd083e353d1b
- SHA512
  
  84902e791204d5fba7c71ca59a5463b2de2d201fa1ab575b6c9716681a5f50a88f6f750520e167bb87f26abd23a127c8526e08786ad429324c8aca795b178dba
- SSDEEP
  
  98304:qB6TE4JDSTIitXqfSjBwF+v4rSSNjcdSqGUwT7RQU7ON:3TFmTI8qKjKFA4r+dAh7RQUI
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

behavioral2

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy