glupteba | 27f43c0cba4d8813a3c93021f76938916e4556a0c0806e48f4574a412df5c303 | Triage

Submit
Reports

Overview

overview

Static

static

1

27f43c0cba...03.exe

windows11-21h2-x64

Resubmissions

12/03/2025, 21:02

250312-zvs1kaszf1 10

01/12/2023, 00:39

231201-az4kesdd2t 10

14/07/2023, 01:04

230714-be4kcsbg44 10

14/07/2023, 00:46

230714-a4m38sce8w 10

14/07/2023, 00:15

230714-akchdsbf65 10

Sharing

General

Target

27f43c0cba4d8813a3c93021f76938916e4556a0c0806e48f4574a412df5c303
Size

4.1MB
Sample

250312-zvs1kaszf1
MD5

a49b82957f9728361ef050399b1201e1
SHA1

fb8fadf9edf93404cf5296e021788fe0319b3f51
SHA256

27f43c0cba4d8813a3c93021f76938916e4556a0c0806e48f4574a412df5c303
SHA512

2c054945c291cc3a9d2e0fa8f2d4aa0d0faf8164e1b227c7831e0e7d733ec2bd40989618706041b1a797aa7250781b93026fd1ebbbd14c3d6adbb37b1ac60b56
SSDEEP

98304:39Zizxyr+yMV/mMXcm0UGc/CU5/uqvcHXM/fnEtY7OVaXxdW4cFpabf:NgAMoM+E7x/EVaXxdWZLy

Score

10^/10

glupteba defense_evasion discovery dropper execution loader persistence privilege_escalation rootkit

Static task

static1

Behavioral task

behavioral1

Sample

27f43c0cba4d8813a3c93021f76938916e4556a0c0806e48f4574a412df5c303.exe

Resource

win11-20250217-en

glupteba defense_evasion discovery dropper execution loader persistence privilege_escalation rootkit

windows11-21h2-x64

20 signatures

300 seconds

Malware Config

Targets

- Target
  
  27f43c0cba4d8813a3c93021f76938916e4556a0c0806e48f4574a412df5c303
- Size
  
  4.1MB
- MD5
  
  a49b82957f9728361ef050399b1201e1
- SHA1
  
  fb8fadf9edf93404cf5296e021788fe0319b3f51
- SHA256
  
  27f43c0cba4d8813a3c93021f76938916e4556a0c0806e48f4574a412df5c303
- SHA512
  
  2c054945c291cc3a9d2e0fa8f2d4aa0d0faf8164e1b227c7831e0e7d733ec2bd40989618706041b1a797aa7250781b93026fd1ebbbd14c3d6adbb37b1ac60b56
- SSDEEP
  
  98304:39Zizxyr+yMV/mMXcm0UGc/CU5/uqvcHXM/fnEtY7OVaXxdW4cFpabf:NgAMoM+E7x/EVaXxdWZLy
Score

10^/10

glupteba defense_evasion discovery dropper execution loader persistence privilege_escalation rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba family
  glupteba
- Glupteba payload
- Modifies Windows Firewall
  defense_evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit defense_evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadefense_evasiondiscoverydropperexecutionloaderpersistenceprivilege_escalationrootkit

© 2018-2025

Terms | Privacy