Overview

overview

10

Static

static

1

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a35b2ebe85c5b4497938609b1cd6c0b8556dfe69a23049a9bebfc7905037f734

  • Size

    4.1MB

  • Sample

    240517-pymb3shh86

  • MD5

    1be2c183da3ae9791ead2df9ca460ae7

  • SHA1

    bb476344ea2e17754a636f95b34cce86ea7f1041

  • SHA256

    a35b2ebe85c5b4497938609b1cd6c0b8556dfe69a23049a9bebfc7905037f734

  • SHA512

    6f9c858c31cc7dacb6cec37a99f702067e285d71162825c06ee9f9a3b7bda6549c1389bc0229c2d580ebbee0b33392fa062825e878f3e42d7c196064948dbfcb

  • SSDEEP

    98304:nBVs1p4PpCxl89qkqVHLjfQjDTn2r+Nba:Ba1p4P0l8MfVLMTra

Score
10/10
gluptebadropperevasionexecutionloaderpersistenceupx

Malware Config

Targets

    • Target

      a35b2ebe85c5b4497938609b1cd6c0b8556dfe69a23049a9bebfc7905037f734

    • Size

      4.1MB

    • MD5

      1be2c183da3ae9791ead2df9ca460ae7

    • SHA1

      bb476344ea2e17754a636f95b34cce86ea7f1041

    • SHA256

      a35b2ebe85c5b4497938609b1cd6c0b8556dfe69a23049a9bebfc7905037f734

    • SHA512

      6f9c858c31cc7dacb6cec37a99f702067e285d71162825c06ee9f9a3b7bda6549c1389bc0229c2d580ebbee0b33392fa062825e878f3e42d7c196064948dbfcb

    • SSDEEP

      98304:nBVs1p4PpCxl89qkqVHLjfQjDTn2r+Nba:Ba1p4P0l8MfVLMTra

    Score
    10/10
    gluptebadropperevasionexecutionloaderpersistenceupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks