glupteba | 1318a0ad3c5fabd2915d107ea5f309fe9fe5217a79c4ebe58aca96790295ee72 | Triage

Submit
Reports

Overview

overview

Static

static

1

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

1318a0ad3c5fabd2915d107ea5f309fe9fe5217a79c4ebe58aca96790295ee72
Size

4.1MB
Sample

240427-pl9a3sba8y
MD5

a8ef7802bc293132ac820b3868401a10
SHA1

e4b15e442a81d60f7c01fc978a705c39556947a4
SHA256

1318a0ad3c5fabd2915d107ea5f309fe9fe5217a79c4ebe58aca96790295ee72
SHA512

9ae36debb8e6ec4e7f4aef44dd3bd6b501c81b2386f5c96c44b62e55a3bbd15a6b7f05cf0af59fc6d955a26215db64f1fc566a2cc683a10c4e5203baedca9f40
SSDEEP

98304:LxCWG3Td/212A9tSPb8vctuIp2ZHNoZVPX5Ut6lNIHcaW+cG6qPFkDdB:LxCr3TdeRtEuctuInVWCNIHlW+Uqa

Score

10^/10

glupteba dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

1318a0ad3c5fabd2915d107ea5f309fe9fe5217a79c4ebe58aca96790295ee72.exe

Resource

win10v2004-20240419-en

glupteba dropper evasion loader persistence

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1318a0ad3c5fabd2915d107ea5f309fe9fe5217a79c4ebe58aca96790295ee72.exe

Resource

win11-20240426-en

glupteba dropper evasion loader

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  1318a0ad3c5fabd2915d107ea5f309fe9fe5217a79c4ebe58aca96790295ee72
- Size
  
  4.1MB
- MD5
  
  a8ef7802bc293132ac820b3868401a10
- SHA1
  
  e4b15e442a81d60f7c01fc978a705c39556947a4
- SHA256
  
  1318a0ad3c5fabd2915d107ea5f309fe9fe5217a79c4ebe58aca96790295ee72
- SHA512
  
  9ae36debb8e6ec4e7f4aef44dd3bd6b501c81b2386f5c96c44b62e55a3bbd15a6b7f05cf0af59fc6d955a26215db64f1fc566a2cc683a10c4e5203baedca9f40
- SSDEEP
  
  98304:LxCWG3Td/212A9tSPb8vctuIp2ZHNoZVPX5Ut6lNIHcaW+cG6qPFkDdB:LxCr3TdeRtEuctuInVWCNIHlW+Uqa
Score

10^/10

glupteba dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistence

behavioral2

gluptebadropperevasionloader

© 2018-2024

Terms | Privacy