glupteba | e8b38fdf6934947bb7cb83fcf109263cae3bd843841b0c1aef4e95d4e378b3f9 | Triage

Submit
Reports

Overview

overview

Static

static

1

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

e8b38fdf6934947bb7cb83fcf109263cae3bd843841b0c1aef4e95d4e378b3f9
Size

4.1MB
Sample

240516-lrnpsaef8w
MD5

557786f50428dfeef92d382c0344fb1d
SHA1

84e2fd21c1d1afe28c20550bdf8a2d8a1996a3f3
SHA256

e8b38fdf6934947bb7cb83fcf109263cae3bd843841b0c1aef4e95d4e378b3f9
SHA512

f8503b28202515e48602e815b7c80fe9bbc60ca41cc95c140b11271547b98915dbf5b9a96988af3c53d4211acd8a014234ef931795043cfc9e0242e10fab434c
SSDEEP

98304:VH49zrfgobu9aDMWAg4dPDb/NQHvakIF/A8L3rqLZk5t2qZ3qL2LAZ5p:8r7OagDbOPW/F2k5tRZaLrv

Score

10^/10

glupteba discovery dropper evasion execution loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

e8b38fdf6934947bb7cb83fcf109263cae3bd843841b0c1aef4e95d4e378b3f9.exe

Resource

win10v2004-20240426-en

glupteba discovery dropper evasion execution loader persistence rootkit upx

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

e8b38fdf6934947bb7cb83fcf109263cae3bd843841b0c1aef4e95d4e378b3f9.exe

Resource

win11-20240426-en

glupteba discovery dropper evasion execution loader persistence rootkit upx

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  e8b38fdf6934947bb7cb83fcf109263cae3bd843841b0c1aef4e95d4e378b3f9
- Size
  
  4.1MB
- MD5
  
  557786f50428dfeef92d382c0344fb1d
- SHA1
  
  84e2fd21c1d1afe28c20550bdf8a2d8a1996a3f3
- SHA256
  
  e8b38fdf6934947bb7cb83fcf109263cae3bd843841b0c1aef4e95d4e378b3f9
- SHA512
  
  f8503b28202515e48602e815b7c80fe9bbc60ca41cc95c140b11271547b98915dbf5b9a96988af3c53d4211acd8a014234ef931795043cfc9e0242e10fab434c
- SSDEEP
  
  98304:VH49zrfgobu9aDMWAg4dPDb/NQHvakIF/A8L3rqLZk5t2qZ3qL2LAZ5p:8r7OagDbOPW/F2k5tRZaLrv
Score

10^/10

glupteba discovery dropper evasion execution loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionexecutionloaderpersistencerootkitupx

behavioral2

gluptebadiscoverydropperevasionexecutionloaderpersistencerootkitupx

© 2018-2025

Terms | Privacy