glupteba | 5ad271e34d2bee4cf1ef660ee972d19d6c69a87a4118df1bca055efcb91e4284 | Triage

Submit
Reports

Overview

overview

Static

static

3

4f1276b550...18.exe

windows7-x64

4f1276b550...18.exe

windows10-2004-x64

Sharing

General

Target

4f1276b550ab50b016775116ae196bef_JaffaCakes118
Size

4.7MB
Sample

240716-tlxdqstaph
MD5

4f1276b550ab50b016775116ae196bef
SHA1

ba29672a510319790d598b904b51ae25234cb7b3
SHA256

5ad271e34d2bee4cf1ef660ee972d19d6c69a87a4118df1bca055efcb91e4284
SHA512

71149c597afbb669b3be1360f59bef494994bd19aa5a37f3d496b9702df88334690cbb3545ca5a1af29517b6672b5f6ec6cad48186e59d2863dd0bb7b3984c63
SSDEEP

98304:f3CTd8/K8PTPiVOqu713o5f7w5sxiphTtMlYiBUlwrFfwg:f0deTlV07wCxghT4Tfw

Score

10^/10

glupteba dropper evasion loader persistence privilege_escalation trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4f1276b550ab50b016775116ae196bef_JaffaCakes118.exe

Resource

win7-20240705-en

glupteba dropper evasion loader persistence privilege_escalation trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

4f1276b550ab50b016775116ae196bef_JaffaCakes118.exe

Resource

win10v2004-20240709-en

glupteba dropper evasion loader persistence privilege_escalation

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  4f1276b550ab50b016775116ae196bef_JaffaCakes118
- Size
  
  4.7MB
- MD5
  
  4f1276b550ab50b016775116ae196bef
- SHA1
  
  ba29672a510319790d598b904b51ae25234cb7b3
- SHA256
  
  5ad271e34d2bee4cf1ef660ee972d19d6c69a87a4118df1bca055efcb91e4284
- SHA512
  
  71149c597afbb669b3be1360f59bef494994bd19aa5a37f3d496b9702df88334690cbb3545ca5a1af29517b6672b5f6ec6cad48186e59d2863dd0bb7b3984c63
- SSDEEP
  
  98304:f3CTd8/K8PTPiVOqu713o5f7w5sxiphTtMlYiBUlwrFfwg:f0deTlV07wCxghT4Tfw
Score

10^/10

glupteba dropper evasion loader persistence privilege_escalation trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistenceprivilege_escalationtrojan

behavioral2

gluptebadropperevasionloaderpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy