glupteba | 0803fee10f0a3b08a20cfc7d769f28a1a514b0a588b27df174b99578559e1054 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

0803fee10f0a3b08a20cfc7d769f28a1a514b0a588b27df174b99578559e1054
Size

4.1MB
Sample

220916-qh8e2sbehm
MD5

3818b50977a94795cbdc9e74ccf51710
SHA1

8e92b9f272ee2945d51d0f33e55c8ac31f83393f
SHA256

0803fee10f0a3b08a20cfc7d769f28a1a514b0a588b27df174b99578559e1054
SHA512

dde17e2276a4caf0a968e71845f7d60b5e6c6cd0e4e144967011bd5041d7c836db0e4cbc3a13389a2538d2c7c124b4bda29f891863997363d5f07df6fcea0195
SSDEEP

98304:1PM8eavzyxKrL79KWY8tsHxxx3A40Jb3Ayg0VbzwdddciWgDszOk+sRxWkEJ:RM8eavmx279KWqbxb0V3t1Vgd3DsCnsc

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

0803fee10f0a3b08a20cfc7d769f28a1a514b0a588b27df174b99578559e1054.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  0803fee10f0a3b08a20cfc7d769f28a1a514b0a588b27df174b99578559e1054
- Size
  
  4.1MB
- MD5
  
  3818b50977a94795cbdc9e74ccf51710
- SHA1
  
  8e92b9f272ee2945d51d0f33e55c8ac31f83393f
- SHA256
  
  0803fee10f0a3b08a20cfc7d769f28a1a514b0a588b27df174b99578559e1054
- SHA512
  
  dde17e2276a4caf0a968e71845f7d60b5e6c6cd0e4e144967011bd5041d7c836db0e4cbc3a13389a2538d2c7c124b4bda29f891863997363d5f07df6fcea0195
- SSDEEP
  
  98304:1PM8eavzyxKrL79KWY8tsHxxx3A40Jb3Ayg0VbzwdddciWgDszOk+sRxWkEJ:RM8eavmx279KWqbxb0V3t1Vgd3DsCnsc
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy