glupteba | 38afc38b92ce46bef4b9f01b0c5103d119c3dbd5c0072520c6263ef2435e176b | Triage

Submit
Reports

Overview

overview

Static

static

3

d449078802...18.exe

windows7-x64

d449078802...18.exe

windows10-2004-x64

Sharing

General

Target

d449078802a5330cc5553e49482a98ee_JaffaCakes118
Size

3.6MB
Sample

240908-nw49fathjn
MD5

d449078802a5330cc5553e49482a98ee
SHA1

3e6e62739a014a3711b17faa37ac729cb1d085c8
SHA256

38afc38b92ce46bef4b9f01b0c5103d119c3dbd5c0072520c6263ef2435e176b
SHA512

5f6fe11dd26e05fc4d8ab31e372b0ab2d54b20d1b3ab2be7459c3a9654c9ed6e749f58448411b9e17878ce0c7c3c098b1f24f0401ed8d2b7393910f1454897c2
SSDEEP

98304:dP0J3uD+qjebjib0i5EBi3QG+vlWoqQgS:ds96ie0i5EBiQlq

Score

10^/10

glupteba discovery dropper evasion loader persistence privilege_escalation rootkit trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d449078802a5330cc5553e49482a98ee_JaffaCakes118.exe

Resource

win7-20240708-en

glupteba discovery dropper evasion loader persistence privilege_escalation rootkit trojan upx

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

d449078802a5330cc5553e49482a98ee_JaffaCakes118.exe

Resource

win10v2004-20240802-en

glupteba discovery dropper evasion loader persistence privilege_escalation rootkit upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  d449078802a5330cc5553e49482a98ee_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  d449078802a5330cc5553e49482a98ee
- SHA1
  
  3e6e62739a014a3711b17faa37ac729cb1d085c8
- SHA256
  
  38afc38b92ce46bef4b9f01b0c5103d119c3dbd5c0072520c6263ef2435e176b
- SHA512
  
  5f6fe11dd26e05fc4d8ab31e372b0ab2d54b20d1b3ab2be7459c3a9654c9ed6e749f58448411b9e17878ce0c7c3c098b1f24f0401ed8d2b7393910f1454897c2
- SSDEEP
  
  98304:dP0J3uD+qjebjib0i5EBi3QG+vlWoqQgS:ds96ie0i5EBiQlq
Score

10^/10

glupteba discovery dropper evasion loader persistence privilege_escalation rootkit trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Modifies boot configuration data using bcdedit
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceprivilege_escalationrootkittrojanupx

behavioral2

gluptebadiscoverydropperevasionloaderpersistenceprivilege_escalationrootkitupx

© 2018-2025

Terms | Privacy