glupteba | 050c7bdef499a3aeecaa3bca43950f540c835b41a4b0d321f916e415ce564bca | Triage

Submit
Reports

Overview

overview

Static

static

1

050c7bdef4...ca.exe

windows7-x64

050c7bdef4...ca.exe

windows10-2004-x64

Sharing

General

Target

050c7bdef499a3aeecaa3bca43950f540c835b41a4b0d321f916e415ce564bca.exe
Size

4.1MB
Sample

240607-bda7esfh22
MD5

58aeec23aa477acc489ca29fc8222e5e
SHA1

fd189a7331274779548164e9a5c19f7c82bb287d
SHA256

050c7bdef499a3aeecaa3bca43950f540c835b41a4b0d321f916e415ce564bca
SHA512

4f6ce8c769d27fa6b1b2c640ba22c995eabcec9c530221678d60a356c80c43a9a8eb47bafb16d3dc18f9f4d352fc5cf334d6d0076ac87251ee121a446ffe2176
SSDEEP

98304:mJsMjtvpLhBsrANyl+HA3P3+ZY1+eQIMXjectPnUWuRnMm8CYQO5:mWgDBsKdHAWZM+VzNxnUpRnkRj

Score

10^/10

glupteba dropper evasion execution loader ransomware

Static task

static1

Behavioral task

behavioral1

Sample

050c7bdef499a3aeecaa3bca43950f540c835b41a4b0d321f916e415ce564bca.exe

Resource

win7-20240221-en

glupteba dropper evasion loader ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

050c7bdef499a3aeecaa3bca43950f540c835b41a4b0d321f916e415ce564bca.exe

Resource

win10v2004-20240426-en

glupteba dropper evasion execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  050c7bdef499a3aeecaa3bca43950f540c835b41a4b0d321f916e415ce564bca.exe
- Size
  
  4.1MB
- MD5
  
  58aeec23aa477acc489ca29fc8222e5e
- SHA1
  
  fd189a7331274779548164e9a5c19f7c82bb287d
- SHA256
  
  050c7bdef499a3aeecaa3bca43950f540c835b41a4b0d321f916e415ce564bca
- SHA512
  
  4f6ce8c769d27fa6b1b2c640ba22c995eabcec9c530221678d60a356c80c43a9a8eb47bafb16d3dc18f9f4d352fc5cf334d6d0076ac87251ee121a446ffe2176
- SSDEEP
  
  98304:mJsMjtvpLhBsrANyl+HA3P3+ZY1+eQIMXjectPnUWuRnMm8CYQO5:mWgDBsKdHAWZM+VzNxnUpRnkRj
Score

10^/10

glupteba dropper evasion loader ransomware execution
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects executables Discord URL observed in first stage droppers
- Detects executables containing URLs to raw contents of a Github gist
- Detects executables containing artifacts associated with disabling Widnows Defender
- Detects executables referencing many varying, potentially fake Windows User-Agents
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies Windows Firewall
  evasion
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

gluptebadropperevasionloaderransomware

behavioral2

gluptebadropperevasionexecutionloader

© 2018-2025

Terms | Privacy