Overview

overview

10

Static

static

1

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/05/2024, 10:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b6c3849b717558f2c869c17641f984bdb838dd5edf51fe83440b08821d27a954.exe

  • Size

    4.1MB

  • MD5

    81a730c82a5e68e6ea9864ad2b2b928a

  • SHA1

    c7429cf599d98627cab9ff96caefbc3a1b4da60e

  • SHA256

    b6c3849b717558f2c869c17641f984bdb838dd5edf51fe83440b08821d27a954

  • SHA512

    f915418257be3eca0d644e398854f3328ae9168f6c27eeacf2edc343ea17559961d27977c6386ccda8c0bdb7c66e179267113ffdaee3973ca25d76ddb7ddc5f1

  • SSDEEP

    98304:IMi5XVbaSoP0nn92GKBGloZzP4CjVUqkCDgteLHWmp38ur:H6XZaSoP//4CRUqkCDgsHW8r

Score
10/10
gluptebadropperloader

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 4 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6c3849b717558f2c869c17641f984bdb838dd5edf51fe83440b08821d27a954.exe
    "C:\Users\Admin\AppData\Local\Temp\b6c3849b717558f2c869c17641f984bdb838dd5edf51fe83440b08821d27a954.exe"
    1⤵
      PID:2532
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 280
        2⤵
        • Program crash
        PID:740
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2532 -ip 2532
      1⤵
        PID:1028

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2532-1-0x0000000003310000-0x000000000370C000-memory.dmp

              Filesize

              4.0MB

              Download

            • memory/2532-2-0x00000000050B0000-0x000000000599B000-memory.dmp

              Filesize

              8.9MB

              Download

            • memory/2532-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

              Filesize

              9.1MB

              Download

            • memory/2532-5-0x00000000050B0000-0x000000000599B000-memory.dmp

              Filesize

              8.9MB

              Download

            • memory/2532-4-0x0000000000400000-0x0000000002EDD000-memory.dmp

              Filesize

              42.9MB

              Download