glupteba | 30a5805557923cb5e17dd7ad7275758094f50914a13f11f4f3f40b4e482d72e1 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

30a5805557923cb5e17dd7ad7275758094f50914a13f11f4f3f40b4e482d72e1
Size

4.2MB
Sample

220917-crebnschfm
MD5

ccfcd083ffeebc4132280c7dfb916db4
SHA1

57c6eb9ed6fe86e9709b4faf3d7e79a95747c761
SHA256

30a5805557923cb5e17dd7ad7275758094f50914a13f11f4f3f40b4e482d72e1
SHA512

0d9a80e3dee0e2402c50d97f04978dcc12a886b1f0ef407b43215cb67c80d1305879173a8ad517640cc688a78c7971ce4ecf4a6c362b56308f124887b870d527
SSDEEP

98304:9w30D6K27v62XCl/Xfjuxp9mUuldW+huBRCC8AKmOoWdyB:1e62aPLqpG0+h4RC9shWE

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

30a5805557923cb5e17dd7ad7275758094f50914a13f11f4f3f40b4e482d72e1.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  30a5805557923cb5e17dd7ad7275758094f50914a13f11f4f3f40b4e482d72e1
- Size
  
  4.2MB
- MD5
  
  ccfcd083ffeebc4132280c7dfb916db4
- SHA1
  
  57c6eb9ed6fe86e9709b4faf3d7e79a95747c761
- SHA256
  
  30a5805557923cb5e17dd7ad7275758094f50914a13f11f4f3f40b4e482d72e1
- SHA512
  
  0d9a80e3dee0e2402c50d97f04978dcc12a886b1f0ef407b43215cb67c80d1305879173a8ad517640cc688a78c7971ce4ecf4a6c362b56308f124887b870d527
- SSDEEP
  
  98304:9w30D6K27v62XCl/Xfjuxp9mUuldW+huBRCC8AKmOoWdyB:1e62aPLqpG0+h4RC9shWE
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy