glupteba | 85dd0e5c98a0e3a9f410dbec88acf01298798a4bb5d91311c6798c32b1aa2a74 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

85dd0e5c98a0e3a9f410dbec88acf01298798a4bb5d91311c6798c32b1aa2a74
Size

4.1MB
Sample

220912-qkkf1ahahk
MD5

d92c5a05d58b1e59e49834165ae964bd
SHA1

2b0c793b90e4781ad519dd3088ae30d7fd4b64c3
SHA256

85dd0e5c98a0e3a9f410dbec88acf01298798a4bb5d91311c6798c32b1aa2a74
SHA512

e7fa1c372f60efa7bd0e46d7e2985cbceda651c3fa41c92c6d8b69a6d1bf9d6edaa5c026f1319e45f1da82dd28f349b4ff75f82820185f0e8a1ef5bd57d552ac
SSDEEP

98304:XoVdlWOOj4fBnbW8K+wIooIaWOJbG92lOf54ImL8l0:YhWR+PKyjWOJCeORd/l0

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

85dd0e5c98a0e3a9f410dbec88acf01298798a4bb5d91311c6798c32b1aa2a74.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  85dd0e5c98a0e3a9f410dbec88acf01298798a4bb5d91311c6798c32b1aa2a74
- Size
  
  4.1MB
- MD5
  
  d92c5a05d58b1e59e49834165ae964bd
- SHA1
  
  2b0c793b90e4781ad519dd3088ae30d7fd4b64c3
- SHA256
  
  85dd0e5c98a0e3a9f410dbec88acf01298798a4bb5d91311c6798c32b1aa2a74
- SHA512
  
  e7fa1c372f60efa7bd0e46d7e2985cbceda651c3fa41c92c6d8b69a6d1bf9d6edaa5c026f1319e45f1da82dd28f349b4ff75f82820185f0e8a1ef5bd57d552ac
- SSDEEP
  
  98304:XoVdlWOOj4fBnbW8K+wIooIaWOJbG92lOf54ImL8l0:YhWR+PKyjWOJCeORd/l0
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy