glupteba | e816e16c8817b1eb6210f34c5d5cf4be1bd06d8dd1a4c103ce47726763a47266 | Triage

Submit
Reports

Overview

overview

Static

static

1

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

e816e16c8817b1eb6210f34c5d5cf4be1bd06d8dd1a4c103ce47726763a47266
Size

4.1MB
Sample

240510-k22tqaeb5y
MD5

5fefacee079f687746ca125c5eb4e36a
SHA1

14cb4dbf243f2f642a2258f95f0014a6e1646b42
SHA256

e816e16c8817b1eb6210f34c5d5cf4be1bd06d8dd1a4c103ce47726763a47266
SHA512

86e4ed49140c24cefc5be7810e2b9a2b193690eb042ca448e1230e826cee44aa54b4d2072b0f07cb9d0f76507bdd901756be7e401e83b621465135edffce25be
SSDEEP

98304:dayzpRb0ImZEtMZhESRmRAZ+CLu88MZ+hFAPXoGejz1Qdkam:TIIQAMZnI3CLxLZAFAXoGGxQdlm

Score

10^/10

glupteba discovery dropper evasion execution loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

e816e16c8817b1eb6210f34c5d5cf4be1bd06d8dd1a4c103ce47726763a47266.exe

Resource

win10v2004-20240426-en

glupteba discovery dropper evasion execution loader persistence rootkit upx

windows10-2004-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

e816e16c8817b1eb6210f34c5d5cf4be1bd06d8dd1a4c103ce47726763a47266.exe

Resource

win11-20240426-en

glupteba discovery dropper evasion execution loader persistence rootkit upx

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  e816e16c8817b1eb6210f34c5d5cf4be1bd06d8dd1a4c103ce47726763a47266
- Size
  
  4.1MB
- MD5
  
  5fefacee079f687746ca125c5eb4e36a
- SHA1
  
  14cb4dbf243f2f642a2258f95f0014a6e1646b42
- SHA256
  
  e816e16c8817b1eb6210f34c5d5cf4be1bd06d8dd1a4c103ce47726763a47266
- SHA512
  
  86e4ed49140c24cefc5be7810e2b9a2b193690eb042ca448e1230e826cee44aa54b4d2072b0f07cb9d0f76507bdd901756be7e401e83b621465135edffce25be
- SSDEEP
  
  98304:dayzpRb0ImZEtMZhESRmRAZ+CLu88MZ+hFAPXoGejz1Qdkam:TIIQAMZnI3CLxLZAFAXoGGxQdlm
Score

10^/10

glupteba discovery dropper evasion execution loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionexecutionloaderpersistencerootkitupx

behavioral2

gluptebadiscoverydropperevasionexecutionloaderpersistencerootkitupx

© 2018-2025

Terms | Privacy