glupteba | 3a3c3c401472f53b4b0846739d3016d83599c4dd3eb8541446418fa723d78966 | Triage

Submit
Reports

Overview

overview

Static

static

1

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

3a3c3c401472f53b4b0846739d3016d83599c4dd3eb8541446418fa723d78966
Size

4.1MB
Sample

240517-xx8spaec6s
MD5

ddb0778b4f2761b16b391ef2fb2acfdf
SHA1

3dc0e8215f2962d3cd4ab95dc5cd7a8aa773ebc0
SHA256

3a3c3c401472f53b4b0846739d3016d83599c4dd3eb8541446418fa723d78966
SHA512

1d65b22f61e79037596684deceec318c00b46c6f6bed47ddc9cb9c85625e940ae15b27578753cd618ca21e4dcfcdbf21a6a0643cd2edc9c5b4d0db9a8ccf7eed
SSDEEP

98304:KZ3eWnmCP3Day+MGMrrH7Rp/OOmeNALbhxcJ3GFuqO9B+e2R0FJP:QufQJ+wrvRp/OL3LVxY3GFuq2BkwJP

Score

10^/10

glupteba discovery dropper evasion execution loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

3a3c3c401472f53b4b0846739d3016d83599c4dd3eb8541446418fa723d78966.exe

Resource

win10v2004-20240426-en

glupteba discovery dropper evasion execution loader persistence rootkit upx

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a3c3c401472f53b4b0846739d3016d83599c4dd3eb8541446418fa723d78966.exe

Resource

win11-20240508-en

glupteba discovery dropper evasion execution loader persistence rootkit upx

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a3c3c401472f53b4b0846739d3016d83599c4dd3eb8541446418fa723d78966
- Size
  
  4.1MB
- MD5
  
  ddb0778b4f2761b16b391ef2fb2acfdf
- SHA1
  
  3dc0e8215f2962d3cd4ab95dc5cd7a8aa773ebc0
- SHA256
  
  3a3c3c401472f53b4b0846739d3016d83599c4dd3eb8541446418fa723d78966
- SHA512
  
  1d65b22f61e79037596684deceec318c00b46c6f6bed47ddc9cb9c85625e940ae15b27578753cd618ca21e4dcfcdbf21a6a0643cd2edc9c5b4d0db9a8ccf7eed
- SSDEEP
  
  98304:KZ3eWnmCP3Day+MGMrrH7Rp/OOmeNALbhxcJ3GFuqO9B+e2R0FJP:QufQJ+wrvRp/OL3LVxY3GFuq2BkwJP
Score

10^/10

glupteba discovery dropper evasion execution loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionexecutionloaderpersistencerootkitupx

behavioral2

gluptebadiscoverydropperevasionexecutionloaderpersistencerootkitupx

© 2018-2025

Terms | Privacy