Diving Into Glupteba's UEFI Bootkit [Tuesday, February 13, 2024]

Description:
This article describes the infection chain of a new Glupteba malware campaign that took place around November 2023. The analysis reveals Glupteba's use of an undocumented UEFI bootkit that can intervene and control the OS boot process, enabling Glupteba to hide itself and create stealthy persistence. The identification of this novel UEFI bypass technique underscores Glupteba's capacity for innovation and evasion, posing a significant detection challenge.

Published: 2024-02-13 00:54:56
Created: 2024-02-13 00:54:56
Modified: 2024-02-13 00:58:28

Indicators

Malware:
  • PrivateLoader
  • Glupteba
  • SmokeLoader
Hashes (SHA-256):
Intrusion set:
  • Glupteba
Other observables:
  • Technology

About the author
Julien B.

Securitricks