Extracted

• • Target

    02668ff270e65aec73adf165defd33ad[1].bin

  • Size

    4.2MB

  • MD5

    f68ce341f828fbb4b98ca708803145d8

  • SHA1

    cb3671b14511f9492fc06a3e6eb5ea65c97b7fd3

  • SHA256

    6fcb482a2372b0a403f35f434dce46d15cb260dce738fc9b3edb7c143f7b6b00

  • SHA512

    70fc9388ccfcd9c0093bd278ee9b32cc1f7e7b67720681c47045fb90da03d694e699de4d57e0f5d4a54bafff17151b93d9003524e2dba89c4e30fed178cd4878

  • SSDEEP

    98304:vX8HFXT0poo5lM3PL/GO+12Nl+glg5Lrrx3E/IGxgbQ:vX8H6oofcPzGfCuJE/xgM

  Score

  10^/10

  gluptebametasploitbackdoordiscoverydropperevasionloaderpersistenceprivilege_escalationrootkittrojan

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba family

    glupteba

  • Glupteba payload

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Windows security bypass

    evasiontrojan

  • Modifies boot configuration data using bcdedit

  • Drops file in Drivers directory

  • Modifies Windows Firewall

    evasion

  • Possible attempt to disable PatchGuard

    Rootkits can use kernel patching to embed themselves in an operating system.

    evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Manipulates WinMon driver.

    Roottkits write to WinMon to hide PIDs from being detected.

    rootkitevasion

  • Manipulates WinMonFS driver.

    Roottkits write to WinMonFS to hide directories/files from being detected.

    rootkitevasion
  behavioral1behavioral2