Overview

overview

10

Static

static

1

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1c2fac992dfc7bc48272670505386656982f55e19e6433dd70eefd77cf6d473b

  • Size

    4.1MB

  • Sample

    240515-le4v8sba7z

  • MD5

    4ac5f78cc5bed1faf441d3d8c0929294

  • SHA1

    d483460ee061d2cd73b6dfd3e364a8dd74d0941f

  • SHA256

    1c2fac992dfc7bc48272670505386656982f55e19e6433dd70eefd77cf6d473b

  • SHA512

    23a07e6de32edc44f28d6b34799d73418d83357f83b1f640c0d348ab4b9b09de7ee050ada00c0addf513af7a181eefb39421ec01d649f00deea9c1b83179cdcd

  • SSDEEP

    98304:TMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAv:TBwCmIp7Ci3XwSxbLu0E0yeIUT4v

Score
10/10
gluptebadropperevasionexecutionloaderupx

Malware Config

Targets

    • Target

      1c2fac992dfc7bc48272670505386656982f55e19e6433dd70eefd77cf6d473b

    • Size

      4.1MB

    • MD5

      4ac5f78cc5bed1faf441d3d8c0929294

    • SHA1

      d483460ee061d2cd73b6dfd3e364a8dd74d0941f

    • SHA256

      1c2fac992dfc7bc48272670505386656982f55e19e6433dd70eefd77cf6d473b

    • SHA512

      23a07e6de32edc44f28d6b34799d73418d83357f83b1f640c0d348ab4b9b09de7ee050ada00c0addf513af7a181eefb39421ec01d649f00deea9c1b83179cdcd

    • SSDEEP

      98304:TMIwCeNIp7mrmH39JW0ckvUhqbUgu0QDk0l0y/C/U00fVU15PAv:TBwCmIp7Ci3XwSxbLu0E0yeIUT4v

    Score
    10/10
    gluptebadropperevasionexecutionloaderupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Modifies Windows Firewall

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks