glupteba | 886058a7a36e3085dcd318d75b24c6d0576f57ab5a3045a231986475659802a9 | Triage

Submit
Reports

Overview

overview

Static

static

3

3250ddce2d...18.exe

windows7-x64

3250ddce2d...18.exe

windows10-2004-x64

Sharing

General

Target

3250ddce2dbf5a36ae50744e6632f945_JaffaCakes118
Size

3.6MB
Sample

241010-3nwpnasgrh
MD5

3250ddce2dbf5a36ae50744e6632f945
SHA1

2e4e648fb1a583fe3d26ded76d017507e6cb1576
SHA256

886058a7a36e3085dcd318d75b24c6d0576f57ab5a3045a231986475659802a9
SHA512

ba1a82ced81d6ca0ee5b8d875ba6bd4d3933466acfd0463c53201cd749455940dcbc4db55adfbbf3d3945628af6511dedf8f1062b57078bc01d7c786ddef2060
SSDEEP

98304:Oc5F4rEVf9i9fJ5TG/dCfAeO2oopuZPpSfzDYz59r:Ow4ozCf7KdCfAdZPpiU59r

Score

10^/10

glupteba discovery dropper evasion loader persistence privilege_escalation rootkit trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3250ddce2dbf5a36ae50744e6632f945_JaffaCakes118.exe

Resource

win7-20241010-en

glupteba discovery dropper evasion loader persistence privilege_escalation rootkit trojan upx

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

3250ddce2dbf5a36ae50744e6632f945_JaffaCakes118.exe

Resource

win10v2004-20241007-en

glupteba discovery dropper evasion loader persistence privilege_escalation rootkit upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  3250ddce2dbf5a36ae50744e6632f945_JaffaCakes118
- Size
  
  3.6MB
- MD5
  
  3250ddce2dbf5a36ae50744e6632f945
- SHA1
  
  2e4e648fb1a583fe3d26ded76d017507e6cb1576
- SHA256
  
  886058a7a36e3085dcd318d75b24c6d0576f57ab5a3045a231986475659802a9
- SHA512
  
  ba1a82ced81d6ca0ee5b8d875ba6bd4d3933466acfd0463c53201cd749455940dcbc4db55adfbbf3d3945628af6511dedf8f1062b57078bc01d7c786ddef2060
- SSDEEP
  
  98304:Oc5F4rEVf9i9fJ5TG/dCfAeO2oopuZPpSfzDYz59r:Ow4ozCf7KdCfAdZPpiU59r
Score

10^/10

glupteba discovery dropper evasion loader persistence privilege_escalation rootkit trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Modifies boot configuration data using bcdedit
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceprivilege_escalationrootkittrojanupx

behavioral2

gluptebadiscoverydropperevasionloaderpersistenceprivilege_escalationrootkitupx

© 2018-2025

Terms | Privacy