Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    edb1811d264b04de76821640e8af97ef7d4362dd3717d414af9534c891c9bc58

  • Size

    4.4MB

  • Sample

    210915-g1zq7adadn

  • MD5

    d66f52bef862f89dbb50b74b646bd155

  • SHA1

    5da9cec049e47a814331d0f844da724236399fe6

  • SHA256

    edb1811d264b04de76821640e8af97ef7d4362dd3717d414af9534c891c9bc58

  • SHA512

    45df7988487baacaa833e62e01d0abd2fd4650eaf092990cdd74af457d17504dfc519c5aea0d4f017f041bfcb9322329094c4587619ce781ef16f93c4e61a26c

Score
10/10
gluptebametasploitbackdoordropperloadertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

    • Target

      edb1811d264b04de76821640e8af97ef7d4362dd3717d414af9534c891c9bc58

    • Size

      4.4MB

    • MD5

      d66f52bef862f89dbb50b74b646bd155

    • SHA1

      5da9cec049e47a814331d0f844da724236399fe6

    • SHA256

      edb1811d264b04de76821640e8af97ef7d4362dd3717d414af9534c891c9bc58

    • SHA512

      45df7988487baacaa833e62e01d0abd2fd4650eaf092990cdd74af457d17504dfc519c5aea0d4f017f041bfcb9322329094c4587619ce781ef16f93c4e61a26c

    Score
    10/10
    gluptebametasploitbackdoordropperloadertrojan

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba Payload

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks