Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8c73131c455ed7ee4c5f95b202a4f3b3a0b5b0d8bf686664e5a337c5d795f7d

  • Size

    4.1MB

  • Sample

    220912-spahpsdee9

  • MD5

    35d48c1b35aaffa363148a5dfe9b3af9

  • SHA1

    676fde824929611446ecd5c91a36543f4b0fb09d

  • SHA256

    f8c73131c455ed7ee4c5f95b202a4f3b3a0b5b0d8bf686664e5a337c5d795f7d

  • SHA512

    2be35fb2421458f25ace018c678bf6929f72c7c53423f3e77fbccba76c39789fe265e79fd149ad044729e22834609c118b2cdcc67e6b16e49a36438f3788ee72

  • SSDEEP

    98304:Ig+rWt5mlR5/rsO0HCqfQCtlyc75hDkYVYagLviUVkq:B0a5kIO0pz+u5ZVYagLviUL

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencetrojan

Malware Config

Targets

    • Target

      f8c73131c455ed7ee4c5f95b202a4f3b3a0b5b0d8bf686664e5a337c5d795f7d

    • Size

      4.1MB

    • MD5

      35d48c1b35aaffa363148a5dfe9b3af9

    • SHA1

      676fde824929611446ecd5c91a36543f4b0fb09d

    • SHA256

      f8c73131c455ed7ee4c5f95b202a4f3b3a0b5b0d8bf686664e5a337c5d795f7d

    • SHA512

      2be35fb2421458f25ace018c678bf6929f72c7c53423f3e77fbccba76c39789fe265e79fd149ad044729e22834609c118b2cdcc67e6b16e49a36438f3788ee72

    • SSDEEP

      98304:Ig+rWt5mlR5/rsO0HCqfQCtlyc75hDkYVYagLviUVkq:B0a5kIO0pz+u5ZVYagLviUL

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistencetrojan

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks