glupteba | 7453e7706fcf34a1148c95080f63e8bd0cb3183b59e5bce74dc1d9a1e3afb96a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

7453e7706fcf34a1148c95080f63e8bd0cb3183b59e5bce74dc1d9a1e3afb96a
Size

4.0MB
Sample

220828-w8nffsdadl
MD5

d06e6b05163f7a22b057bae5f9382fa9
SHA1

1593939e83dbffe2934c6106536334b9519f57ce
SHA256

7453e7706fcf34a1148c95080f63e8bd0cb3183b59e5bce74dc1d9a1e3afb96a
SHA512

e37d434a33955aa6ba9c1aa07d743bef60ea831f0bcc1480858596b4b791124c8c917f8607e3b12779c7493b1ceef592a7ccf58946aef519d5b9963965051c26
SSDEEP

98304:9W+t5JLbHCNDyoeGLwLofgxrLpYTcFY5XGy0JDSj3UP:XvJLTK9esg5NY5WyaSj3s

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

7453e7706fcf34a1148c95080f63e8bd0cb3183b59e5bce74dc1d9a1e3afb96a.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  7453e7706fcf34a1148c95080f63e8bd0cb3183b59e5bce74dc1d9a1e3afb96a
- Size
  
  4.0MB
- MD5
  
  d06e6b05163f7a22b057bae5f9382fa9
- SHA1
  
  1593939e83dbffe2934c6106536334b9519f57ce
- SHA256
  
  7453e7706fcf34a1148c95080f63e8bd0cb3183b59e5bce74dc1d9a1e3afb96a
- SHA512
  
  e37d434a33955aa6ba9c1aa07d743bef60ea831f0bcc1480858596b4b791124c8c917f8607e3b12779c7493b1ceef592a7ccf58946aef519d5b9963965051c26
- SSDEEP
  
  98304:9W+t5JLbHCNDyoeGLwLofgxrLpYTcFY5XGy0JDSj3UP:XvJLTK9esg5NY5WyaSj3s
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy