glupteba | 6a4534ff585942e758550888370398f71f1d81feee535e9b7b7d383eb69fcb78 | Triage

Submit
Reports

Overview

overview

Static

static

1

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

6a4534ff585942e758550888370398f71f1d81feee535e9b7b7d383eb69fcb78
Size

4.2MB
Sample

240423-s69zwshe9z
MD5

51cac502bc86cf5a85f7c1b346ab0e06
SHA1

4a777e1798e87e5ac97cc29d088a0bd9853b32be
SHA256

6a4534ff585942e758550888370398f71f1d81feee535e9b7b7d383eb69fcb78
SHA512

c13182e92b6ad7913e26430acbd00ac968b7cfb384bc6bce46c337ba331587bb8561f82b5b3ca7aadeaacd8c91f2523b9d4cba8139a92d1bed87fc0096c4061e
SSDEEP

98304:d+Gg6aXQ+/QyN9wV3/YhHbVpnwBVKjBiw+3St8KJ+:uXQwQ89A3/Y5DnwBWu3Q8Kw

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

6a4534ff585942e758550888370398f71f1d81feee535e9b7b7d383eb69fcb78.exe

Resource

win10v2004-20240226-en

glupteba dropper evasion loader upx

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6a4534ff585942e758550888370398f71f1d81feee535e9b7b7d383eb69fcb78.exe

Resource

win11-20240412-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows11-21h2-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  6a4534ff585942e758550888370398f71f1d81feee535e9b7b7d383eb69fcb78
- Size
  
  4.2MB
- MD5
  
  51cac502bc86cf5a85f7c1b346ab0e06
- SHA1
  
  4a777e1798e87e5ac97cc29d088a0bd9853b32be
- SHA256
  
  6a4534ff585942e758550888370398f71f1d81feee535e9b7b7d383eb69fcb78
- SHA512
  
  c13182e92b6ad7913e26430acbd00ac968b7cfb384bc6bce46c337ba331587bb8561f82b5b3ca7aadeaacd8c91f2523b9d4cba8139a92d1bed87fc0096c4061e
- SSDEEP
  
  98304:d+Gg6aXQ+/QyN9wV3/YhHbVpnwBVKjBiw+3St8KJ+:uXQwQ89A3/Y5DnwBWu3Q8Kw
Score

10^/10

glupteba dropper evasion loader upx discovery persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gluptebadropperevasionloaderupx

behavioral2

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy