glupteba | 1711d134f31cb185ffa81e85c527cb19e0e94541af8ae46d045d553c15fb580b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

1711d134f31cb185ffa81e85c527cb19e0e94541af8ae46d045d553c15fb580b
Size

4.1MB
Sample

220916-b3dzlsedf7
MD5

34457f0977b3c85ab4c0400dc13ba279
SHA1

0c79c0de41759d0be02f9d6b380c3b53caedf941
SHA256

1711d134f31cb185ffa81e85c527cb19e0e94541af8ae46d045d553c15fb580b
SHA512

99583dc5ac369cf1bfbbc5eea1e0536f77471bf56c109f3918f742cdc02756287c989521087c9b936a4ebf54bfaf360b76e31835e79c92d1a97a53a8aaba44b5
SSDEEP

98304:o81ND8Cs6W0+IlcVZdW1Rubu8gbxXETI6NozlIAirDLviW:hV8Cs6aVZdWqgiTI6EIxviW

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

1711d134f31cb185ffa81e85c527cb19e0e94541af8ae46d045d553c15fb580b.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  1711d134f31cb185ffa81e85c527cb19e0e94541af8ae46d045d553c15fb580b
- Size
  
  4.1MB
- MD5
  
  34457f0977b3c85ab4c0400dc13ba279
- SHA1
  
  0c79c0de41759d0be02f9d6b380c3b53caedf941
- SHA256
  
  1711d134f31cb185ffa81e85c527cb19e0e94541af8ae46d045d553c15fb580b
- SHA512
  
  99583dc5ac369cf1bfbbc5eea1e0536f77471bf56c109f3918f742cdc02756287c989521087c9b936a4ebf54bfaf360b76e31835e79c92d1a97a53a8aaba44b5
- SSDEEP
  
  98304:o81ND8Cs6W0+IlcVZdW1Rubu8gbxXETI6NozlIAirDLviW:hV8Cs6aVZdWqgiTI6EIxviW
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy