glupteba | 0c5f42b0294f9cb2254a2d024167a31292f6a1c9638a8a1dd5b7606eee432df1 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

0c5f42b0294f9cb2254a2d024167a31292f6a1c9638a8a1dd5b7606eee432df1
Size

4.1MB
Sample

220916-knz3zaahbm
MD5

895378f2baac103b18f1bd3358b777ca
SHA1

21e3c6eb2ce5730d4228458776ab5a461d29fa2e
SHA256

0c5f42b0294f9cb2254a2d024167a31292f6a1c9638a8a1dd5b7606eee432df1
SHA512

369c1cc84ae0be6eb816a6554a419324970cacccc04c6f012461a97210c35cad3483fb5c90d235efb4ebc2e87a93ea2eaca063bf8d6f2f125f45956e33a5c445
SSDEEP

98304:K+tv1bPP26U//FmOtBhYItEZVS5F7F85BuZgvMx0eg/v2xy:nv1P3UF1SV4Fy5Bmg5egZ

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

0c5f42b0294f9cb2254a2d024167a31292f6a1c9638a8a1dd5b7606eee432df1.exe

Resource

win10v2004-20220901-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  0c5f42b0294f9cb2254a2d024167a31292f6a1c9638a8a1dd5b7606eee432df1
- Size
  
  4.1MB
- MD5
  
  895378f2baac103b18f1bd3358b777ca
- SHA1
  
  21e3c6eb2ce5730d4228458776ab5a461d29fa2e
- SHA256
  
  0c5f42b0294f9cb2254a2d024167a31292f6a1c9638a8a1dd5b7606eee432df1
- SHA512
  
  369c1cc84ae0be6eb816a6554a419324970cacccc04c6f012461a97210c35cad3483fb5c90d235efb4ebc2e87a93ea2eaca063bf8d6f2f125f45956e33a5c445
- SSDEEP
  
  98304:K+tv1bPP26U//FmOtBhYItEZVS5F7F85BuZgvMx0eg/v2xy:nv1P3UF1SV4Fy5Bmg5egZ
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy