glupteba | a440e88b2c1d1746b82ffaadaef0571a14f3d76dbabba87b0c3de6ac5eff2f35 | Triage

Submit
Reports

Overview

overview

Static

static

1

winprofile

windows7-x64

1

winprofile

windows10-1703-x64

Sharing

General

Target

a440e88b2c1d1746b82ffaadaef0571a14f3d76dbabba87b0c3de6ac5eff2f35
Size

782KB
Sample

240425-2cqhtsfh9y
MD5

7fabf15848c951f6665ec449c8c77098
SHA1

f9ef6114a8e2d3838d0cadd4a71d6baf95e133cf
SHA256

a440e88b2c1d1746b82ffaadaef0571a14f3d76dbabba87b0c3de6ac5eff2f35
SHA512

4e8b84b13bf04befb12d2f1b2f36a1a7285be640315c1a8eb61137f77ca2202b62892d95fee02debaa75ca3b5d782a5d0a7a08a010206929187504a91e9ddb0a
SSDEEP

24576:msP3PswaTgF2US1BHcFZ4wIu3p+3BCku+mzy3EKA+G:mzgFBIjhuZwhu+8EEF9

Score

10^/10

glupteba stealc dropper evasion loader stealer themida trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

a440e88b2c1d1746b82ffaadaef0571a14f3d76dbabba87b0c3de6ac5eff2f35.exe

Resource

win7-20240221-en

windows7-x64

1 signatures

300 seconds

Behavioral task

behavioral2

Sample

a440e88b2c1d1746b82ffaadaef0571a14f3d76dbabba87b0c3de6ac5eff2f35.exe

Resource

win10-20240404-en

glupteba stealc dropper evasion loader stealer themida trojan upx

windows10-1703-x64

19 signatures

300 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  a440e88b2c1d1746b82ffaadaef0571a14f3d76dbabba87b0c3de6ac5eff2f35
- Size
  
  782KB
- MD5
  
  7fabf15848c951f6665ec449c8c77098
- SHA1
  
  f9ef6114a8e2d3838d0cadd4a71d6baf95e133cf
- SHA256
  
  a440e88b2c1d1746b82ffaadaef0571a14f3d76dbabba87b0c3de6ac5eff2f35
- SHA512
  
  4e8b84b13bf04befb12d2f1b2f36a1a7285be640315c1a8eb61137f77ca2202b62892d95fee02debaa75ca3b5d782a5d0a7a08a010206929187504a91e9ddb0a
- SSDEEP
  
  24576:msP3PswaTgF2US1BHcFZ4wIu3p+3BCku+mzy3EKA+G:mzgFBIjhuZwhu+8EEF9
Score

10^/10

glupteba stealc dropper evasion loader stealer themida trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

gluptebastealcdropperevasionloaderstealerthemidatrojanupx

© 2018-2024

Terms | Privacy