glupteba | 03fc1ef3360b2d149e72fdbf9d5e89cff0f4d2387c3aa827ea4df18a66a79c13 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

03fc1ef3360b2d149e72fdbf9d5e89cff0f4d2387c3aa827ea4df18a66a79c13
Size

4.1MB
Sample

220912-3lzcrsabbm
MD5

7e1086e1fd93d412f867b46adcf57504
SHA1

c0e36b38b7c10b1527d3fb1b18e6f5c366263f2d
SHA256

03fc1ef3360b2d149e72fdbf9d5e89cff0f4d2387c3aa827ea4df18a66a79c13
SHA512

4d9d2b6644ffb6ee9d55cafeed16c547bf7275dfe62de9762cd1786d22821b7315f9aefa57ea3cbd32d176fd8ef4ef202126437e9f7ed9e6df84ecad221e4dbc
SSDEEP

98304:Uhx/lMSjy1pPIK1lRAADZ9Cua1AQSi5WBp:Uhx/l5u1pQ0AOETAHt/

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

03fc1ef3360b2d149e72fdbf9d5e89cff0f4d2387c3aa827ea4df18a66a79c13.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  03fc1ef3360b2d149e72fdbf9d5e89cff0f4d2387c3aa827ea4df18a66a79c13
- Size
  
  4.1MB
- MD5
  
  7e1086e1fd93d412f867b46adcf57504
- SHA1
  
  c0e36b38b7c10b1527d3fb1b18e6f5c366263f2d
- SHA256
  
  03fc1ef3360b2d149e72fdbf9d5e89cff0f4d2387c3aa827ea4df18a66a79c13
- SHA512
  
  4d9d2b6644ffb6ee9d55cafeed16c547bf7275dfe62de9762cd1786d22821b7315f9aefa57ea3cbd32d176fd8ef4ef202126437e9f7ed9e6df84ecad221e4dbc
- SSDEEP
  
  98304:Uhx/lMSjy1pPIK1lRAADZ9Cua1AQSi5WBp:Uhx/l5u1pQ0AOETAHt/
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy