glupteba | 5fb2f862e4f1fd327c0a493082de9b66fb7a91d4dccef8273b7f75926d888826 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

a2cbea585e...ab.exe

windows7-x64

a2cbea585e...ab.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_5fb2f862e4f1fd327c0a493082de9b66fb7a91d4dccef8273b7f75926d888826
Size

3.7MB
Sample

241222-zmbfjsylh1
MD5

35d33319ae3ed3b9a190adc0b37dab5f
SHA1

c840864223f68b7a8f14b9c7a9a34a5d22ea7d8e
SHA256

5fb2f862e4f1fd327c0a493082de9b66fb7a91d4dccef8273b7f75926d888826
SHA512

6ca751d5b107e1ed4c07406c1a075bc7f9641a9c28a073827698b52d88dc4daa61166a8c71a5805588e130b5549b8293890d505f98b3af4dfd479272030e5f49
SSDEEP

98304:eeAV0W8TyF7QS4a2pXzNAsNco89r0Dd7l/n5+l:eeAOTG8a2p5AsOjrWdf+l

Score

10^/10

glupteba discovery dropper evasion loader persistence privilege_escalation trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab.exe

Resource

win7-20240903-en

glupteba discovery dropper evasion loader persistence privilege_escalation trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab.exe

Resource

win10v2004-20241007-en

glupteba discovery dropper evasion loader persistence privilege_escalation

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab
- Size
  
  4.0MB
- MD5
  
  f1953eaf2c48b94bb9772bfe38d552e3
- SHA1
  
  631171103c9bcfb7219353d95d37e313d7365682
- SHA256
  
  a2cbea585ececfe380a0b431d1f9ae67005cd73fd22acfde16e814dc9bb3d8ab
- SHA512
  
  29d145c5bd8bb906aa754c20e46541971bb1deae7d987a47899b58b3c01db8f6e5ca4119f713ceeffa7156a5fb01255f46375e806afd41364c66b2ccb5863fd5
- SSDEEP
  
  98304:8R1MyoGwSUz6jx/0veUrId0IlpmWMzAG4u5MYkVmE:8RbJuveGId3QzAG4u5ZG
Score

10^/10

glupteba discovery dropper evasion loader persistence privilege_escalation trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba family
  glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceprivilege_escalationtrojan

behavioral2

gluptebadiscoverydropperevasionloaderpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.