glupteba | ab3edea2a3815285ce531b2e5d225618e02d9a015ff9895ecdc0b6278879dc26 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

ab3edea2a3815285ce531b2e5d225618e02d9a015ff9895ecdc0b6278879dc26
Size

4.1MB
Sample

220916-cd7fasedg5
MD5

5b101f55870ba2068a0d58b488b5da79
SHA1

4c0291d70e975a7bb007096881fe389da62f1af5
SHA256

ab3edea2a3815285ce531b2e5d225618e02d9a015ff9895ecdc0b6278879dc26
SHA512

bba2745c77c12a8891e88ca1b18bdae0d2c00de9c6f99ee6ccb3abe33da4d4e9e017dc18a7d85e731361f15e4944cdeb79bec811cd3e787e218540efc96b179f
SSDEEP

98304:ba9ISuvFziNadle9SoJIZB5IjYQBLkftsu8WelAIlh9bT:WuQa+KZX6Y62x8flAIlhl

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

ab3edea2a3815285ce531b2e5d225618e02d9a015ff9895ecdc0b6278879dc26.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  ab3edea2a3815285ce531b2e5d225618e02d9a015ff9895ecdc0b6278879dc26
- Size
  
  4.1MB
- MD5
  
  5b101f55870ba2068a0d58b488b5da79
- SHA1
  
  4c0291d70e975a7bb007096881fe389da62f1af5
- SHA256
  
  ab3edea2a3815285ce531b2e5d225618e02d9a015ff9895ecdc0b6278879dc26
- SHA512
  
  bba2745c77c12a8891e88ca1b18bdae0d2c00de9c6f99ee6ccb3abe33da4d4e9e017dc18a7d85e731361f15e4944cdeb79bec811cd3e787e218540efc96b179f
- SSDEEP
  
  98304:ba9ISuvFziNadle9SoJIZB5IjYQBLkftsu8WelAIlh9bT:WuQa+KZX6Y62x8flAIlhl
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy