glupteba | cab9f2ec85222ec9c8263b7a7c54cb59a6177e34cb2a839bd5b464f536631e12 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

cab9f2ec85222ec9c8263b7a7c54cb59a6177e34cb2a839bd5b464f536631e12
Size

4.1MB
Sample

220918-q9yd6abcg9
MD5

bee1a166fdf1236b6b0b1aec9115e0ff
SHA1

89f28606739779bd29938ed775e97c86bf774d76
SHA256

cab9f2ec85222ec9c8263b7a7c54cb59a6177e34cb2a839bd5b464f536631e12
SHA512

000e98dcdfbd7e0d987c7d8fe4c365b831aec57c0d44397ecc11bc3743d18215e537c83ee92211ba4044991b34c5d2cc089a17a9eef27c9527232b473c1b7d07
SSDEEP

98304:pNNg6KMSgt/enXbzfNRwBv/DpODjkHS2HnXdZ7p1Xq/S+sshHh3hl:nMgt2nXbjNRwZYDjky2HtZ7D6/SG3H

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

cab9f2ec85222ec9c8263b7a7c54cb59a6177e34cb2a839bd5b464f536631e12.exe

Resource

win10-20220901-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  cab9f2ec85222ec9c8263b7a7c54cb59a6177e34cb2a839bd5b464f536631e12
- Size
  
  4.1MB
- MD5
  
  bee1a166fdf1236b6b0b1aec9115e0ff
- SHA1
  
  89f28606739779bd29938ed775e97c86bf774d76
- SHA256
  
  cab9f2ec85222ec9c8263b7a7c54cb59a6177e34cb2a839bd5b464f536631e12
- SHA512
  
  000e98dcdfbd7e0d987c7d8fe4c365b831aec57c0d44397ecc11bc3743d18215e537c83ee92211ba4044991b34c5d2cc089a17a9eef27c9527232b473c1b7d07
- SSDEEP
  
  98304:pNNg6KMSgt/enXbzfNRwBv/DpODjkHS2HnXdZ7p1Xq/S+sshHh3hl:nMgt2nXbjNRwZYDjky2HtZ7D6/SG3H
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy