glupteba | f222a754f076013d880c23d6f41a7feceb6825b931b45e8d84969e3395b28a4b | Triage

Submit
Reports

Overview

overview

Static

static

1

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

f222a754f076013d880c23d6f41a7feceb6825b931b45e8d84969e3395b28a4b
Size

4.1MB
Sample

240516-pjxt9scg64
MD5

9d989d4ff312ee6c9ed20b8678ce29b9
SHA1

27897eb5494a276e23a2045120d98bbd708febb8
SHA256

f222a754f076013d880c23d6f41a7feceb6825b931b45e8d84969e3395b28a4b
SHA512

0b5a2a0fe91215c1b4666fc34f1ca7016c4d5df83db42d5096184e50ec046b8340cb8d0c625bc4a6b26105be1d83de10fe0d901f577810d2feee808443fae864
SSDEEP

98304:9/lx2VB4FLDQS1OmkYbRsTncIxTvyO2P5x7YbDUU86:tlgkYS1OmbburVLyO2P5x7Yb48

Score

10^/10

glupteba discovery dropper evasion execution loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

f222a754f076013d880c23d6f41a7feceb6825b931b45e8d84969e3395b28a4b.exe

Resource

win10v2004-20240426-en

glupteba discovery dropper evasion execution loader persistence rootkit upx

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

f222a754f076013d880c23d6f41a7feceb6825b931b45e8d84969e3395b28a4b.exe

Resource

win11-20240419-en

glupteba discovery dropper evasion execution loader persistence rootkit upx

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  f222a754f076013d880c23d6f41a7feceb6825b931b45e8d84969e3395b28a4b
- Size
  
  4.1MB
- MD5
  
  9d989d4ff312ee6c9ed20b8678ce29b9
- SHA1
  
  27897eb5494a276e23a2045120d98bbd708febb8
- SHA256
  
  f222a754f076013d880c23d6f41a7feceb6825b931b45e8d84969e3395b28a4b
- SHA512
  
  0b5a2a0fe91215c1b4666fc34f1ca7016c4d5df83db42d5096184e50ec046b8340cb8d0c625bc4a6b26105be1d83de10fe0d901f577810d2feee808443fae864
- SSDEEP
  
  98304:9/lx2VB4FLDQS1OmkYbRsTncIxTvyO2P5x7YbDUU86:tlgkYS1OmbburVLyO2P5x7Yb48
Score

10^/10

glupteba discovery dropper evasion execution loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionexecutionloaderpersistencerootkitupx

behavioral2

gluptebadiscoverydropperevasionexecutionloaderpersistencerootkitupx

© 2018-2025

Terms | Privacy