Overview

overview

10

Static

static

1

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-05-2024 10:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6c3849b717558f2c869c17641f984bdb838dd5edf51fe83440b08821d27a954.exe

  • Size

    4.1MB

  • MD5

    81a730c82a5e68e6ea9864ad2b2b928a

  • SHA1

    c7429cf599d98627cab9ff96caefbc3a1b4da60e

  • SHA256

    b6c3849b717558f2c869c17641f984bdb838dd5edf51fe83440b08821d27a954

  • SHA512

    f915418257be3eca0d644e398854f3328ae9168f6c27eeacf2edc343ea17559961d27977c6386ccda8c0bdb7c66e179267113ffdaee3973ca25d76ddb7ddc5f1

  • SSDEEP

    98304:IMi5XVbaSoP0nn92GKBGloZzP4CjVUqkCDgteLHWmp38ur:H6XZaSoP//4CRUqkCDgsHW8r

Score
10/10
gluptebadropperloader

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 4 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6c3849b717558f2c869c17641f984bdb838dd5edf51fe83440b08821d27a954.exe
    "C:\Users\Admin\AppData\Local\Temp\b6c3849b717558f2c869c17641f984bdb838dd5edf51fe83440b08821d27a954.exe"
    1⤵
      PID:3800
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 268
        2⤵
        • Program crash
        PID:4504
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3800 -ip 3800
      1⤵
        PID:4920

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3800-1-0x0000000003290000-0x000000000368B000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/3800-2-0x0000000005030000-0x000000000591B000-memory.dmp

        Filesize

        8.9MB

        Download

      • memory/3800-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/3800-5-0x0000000005030000-0x000000000591B000-memory.dmp

        Filesize

        8.9MB

        Download

      • memory/3800-4-0x0000000000400000-0x0000000002EDD000-memory.dmp

        Filesize

        42.9MB

        Download