glupteba | e31eca26eebc6c55841ba9012aef2e64af914e13d85be5eed4cfee7d18b7cc44 | Triage

Submit
Reports

Overview

overview

Static

static

1

e31eca26ee...44.exe

windows7-x64

e31eca26ee...44.exe

windows10-2004-x64

Sharing

General

Target

e31eca26eebc6c55841ba9012aef2e64af914e13d85be5eed4cfee7d18b7cc44.exe
Size

4.1MB
Sample

240606-mcg45adg74
MD5

e29c083b993670853ad8cc452b1cb4d1
SHA1

fce7f4d659a7cf6ca079fa26d30cbb185f9e676a
SHA256

e31eca26eebc6c55841ba9012aef2e64af914e13d85be5eed4cfee7d18b7cc44
SHA512

3937c2cd8e11722eac10b57b287b5340caa2604ef4f5be338f39e1d7fb8f9fcd82078503650aa4b70a2dfe9d3e1b3b7bb35c287c4e7f1683a574731d278e0fc8
SSDEEP

98304:JGrnwiB2dYFBQLVw0Jv37FWi1chPr/xRmmjECQgDNU:JG7LuY/yhvJWf/qmwCQmU

Score

10^/10

glupteba dropper evasion execution loader ransomware

Static task

static1

Behavioral task

behavioral1

Sample

e31eca26eebc6c55841ba9012aef2e64af914e13d85be5eed4cfee7d18b7cc44.exe

Resource

win7-20240215-en

glupteba dropper evasion loader ransomware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

e31eca26eebc6c55841ba9012aef2e64af914e13d85be5eed4cfee7d18b7cc44.exe

Resource

win10v2004-20240426-en

glupteba dropper evasion execution loader

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  e31eca26eebc6c55841ba9012aef2e64af914e13d85be5eed4cfee7d18b7cc44.exe
- Size
  
  4.1MB
- MD5
  
  e29c083b993670853ad8cc452b1cb4d1
- SHA1
  
  fce7f4d659a7cf6ca079fa26d30cbb185f9e676a
- SHA256
  
  e31eca26eebc6c55841ba9012aef2e64af914e13d85be5eed4cfee7d18b7cc44
- SHA512
  
  3937c2cd8e11722eac10b57b287b5340caa2604ef4f5be338f39e1d7fb8f9fcd82078503650aa4b70a2dfe9d3e1b3b7bb35c287c4e7f1683a574731d278e0fc8
- SSDEEP
  
  98304:JGrnwiB2dYFBQLVw0Jv37FWi1chPr/xRmmjECQgDNU:JG7LuY/yhvJWf/qmwCQmU
Score

10^/10

glupteba dropper evasion loader ransomware execution
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

gluptebadropperevasionloaderransomware

behavioral2

gluptebadropperevasionexecutionloader

© 2018-2025

Terms | Privacy