glupteba | b8f114c40a383adbcf6285f870fb733115f6024c1a2678e993b69be49a1f411c | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

b8f114c40a383adbcf6285f870fb733115f6024c1a2678e993b69be49a1f411c
Size

4.1MB
Sample

220912-x1y3nadhh8
MD5

cba437c5d131beef4ff6d33a794ad66b
SHA1

30cf00862b72a095c36c0a8d4a676b2a7960fb80
SHA256

b8f114c40a383adbcf6285f870fb733115f6024c1a2678e993b69be49a1f411c
SHA512

b97ade7d4c392227b01faa34bb5b001b778671fca46c6b0d8097ec23b4c5d4893ac91743a7f17a3d24ce5935ff2e906e8b185a6bab3df6f2d6fad89a30040b0d
SSDEEP

98304:h769jordpvaYZmm1F8SDypCmsqNPycQUgDFijUa1zmGrX+rGvP:kjoZpva/mkSGpCmnPycvgB9YmCVP

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b8f114c40a383adbcf6285f870fb733115f6024c1a2678e993b69be49a1f411c.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  b8f114c40a383adbcf6285f870fb733115f6024c1a2678e993b69be49a1f411c
- Size
  
  4.1MB
- MD5
  
  cba437c5d131beef4ff6d33a794ad66b
- SHA1
  
  30cf00862b72a095c36c0a8d4a676b2a7960fb80
- SHA256
  
  b8f114c40a383adbcf6285f870fb733115f6024c1a2678e993b69be49a1f411c
- SHA512
  
  b97ade7d4c392227b01faa34bb5b001b778671fca46c6b0d8097ec23b4c5d4893ac91743a7f17a3d24ce5935ff2e906e8b185a6bab3df6f2d6fad89a30040b0d
- SSDEEP
  
  98304:h769jordpvaYZmm1F8SDypCmsqNPycQUgDFijUa1zmGrX+rGvP:kjoZpva/mkSGpCmnPycvgB9YmCVP
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy