glupteba | 5c74c6677bffb42cc7b61f9cb0889c2f8a07a57065090c5941f1837d6aaa30f9 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

5c74c6677bffb42cc7b61f9cb0889c2f8a07a57065090c5941f1837d6aaa30f9
Size

4.1MB
Sample

220917-nkw4pahfh7
MD5

0fffd1fadcfac0159ae188fc2528f9eb
SHA1

078bfec0f8655352641ac78a5023b7747fa87367
SHA256

5c74c6677bffb42cc7b61f9cb0889c2f8a07a57065090c5941f1837d6aaa30f9
SHA512

f1eea04c49ffe305900d6e2a55eaf35ca3a3f7fbaeaa8a1110d9fc96b96dfb2d1e210c01df7c7e917a5892b03560f67967efeb9bfa8be279880c90dffa6b50bc
SSDEEP

98304:7denr55ldssbWutgjCfUKoU0Yr++xhN0SPW9PLz:s1asbWUgPKoU0H+xhNSN

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

5c74c6677bffb42cc7b61f9cb0889c2f8a07a57065090c5941f1837d6aaa30f9.exe

Resource

win10v2004-20220901-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  5c74c6677bffb42cc7b61f9cb0889c2f8a07a57065090c5941f1837d6aaa30f9
- Size
  
  4.1MB
- MD5
  
  0fffd1fadcfac0159ae188fc2528f9eb
- SHA1
  
  078bfec0f8655352641ac78a5023b7747fa87367
- SHA256
  
  5c74c6677bffb42cc7b61f9cb0889c2f8a07a57065090c5941f1837d6aaa30f9
- SHA512
  
  f1eea04c49ffe305900d6e2a55eaf35ca3a3f7fbaeaa8a1110d9fc96b96dfb2d1e210c01df7c7e917a5892b03560f67967efeb9bfa8be279880c90dffa6b50bc
- SSDEEP
  
  98304:7denr55ldssbWutgjCfUKoU0Yr++xhN0SPW9PLz:s1asbWUgPKoU0H+xhNSN
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy