glupteba | 4c80aad5c78ee7d93dd468973e721a120303194dbdac2f23b12b79d730911c60 | Triage

Submit
Reports

Overview

overview

Static

static

3

csrss.exe

windows10-2004-x64

Sharing

General

Target

csrss.7z
Size

4.3MB
Sample

240701-lf1j7sxckr
MD5

d37b3107064b852f43eadace9abbea21
SHA1

9e01a766ddb26eb88cfdfe898502524900f92853
SHA256

4c80aad5c78ee7d93dd468973e721a120303194dbdac2f23b12b79d730911c60
SHA512

00b3cd19f200d199eee46d5b1b0fb27c7b4c0e23df88f155c986bdf1d30d01d2fed89b83d3af38343ea05314fb76b0ee0b1a8fccec4e923080c1facbfa6ac9de
SSDEEP

98304:2U6fMpYuMnh2OI/FF9AjuFU531av1WFXT8ndCfg0VTgorO//wv7:0e5Mnhz8G6uXE1W2dIH1goC/Iv7

Score

10^/10

glupteba metasploit backdoor discovery dropper evasion loader persistence privilege_escalation trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

csrss.exe

Resource

win10v2004-20240611-en

glupteba metasploit backdoor discovery dropper evasion loader persistence privilege_escalation trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

- Target
  
  csrss.exe
- Size
  
  4.4MB
- MD5
  
  3290a279c6a78104e8d1040e43bccf50
- SHA1
  
  2444a43ea7a74fe16a41576357249b96e8598421
- SHA256
  
  ab00529780e83ef9ab2420cb8f92ab7dd5c07a1ecda0a4785d056acce35f0c79
- SHA512
  
  a87c491678cc971c667e9d2a657b1a0fd4a386888ee7658a0e9f21a20d0180b9b57a7bc816bc1ff3f02bda7ac01a457d73e426e59a472ef4b6a61528f4aa09f7
- SSDEEP
  
  98304:Y6fOWfIIjhuSI9nFJA1ukxw3qFq10hWY1Z9Fil/VYVVr5Qv0C:ZHgIjhFWyYMpc10z/gleVV1QsC
Score

10^/10

glupteba metasploit backdoor discovery dropper evasion loader persistence privilege_escalation trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gluptebametasploitbackdoordiscoverydropperevasionloaderpersistenceprivilege_escalationtrojan

© 2018-2024

Terms | Privacy