glupteba | 843de9eeccaaf499d415cfbf5721e5f30eb1e6419b2d759b96ed0a24afe9a2f8 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

843de9eeccaaf499d415cfbf5721e5f30eb1e6419b2d759b96ed0a24afe9a2f8
Size

4.1MB
Sample

220918-ttrhfsbea2
MD5

e1c440fc0ce7e90440a55fea70a0f401
SHA1

e836e78cc1bf3c6ae2821df2d41d16c4de032301
SHA256

843de9eeccaaf499d415cfbf5721e5f30eb1e6419b2d759b96ed0a24afe9a2f8
SHA512

31537da09541fce2765b940737f4c20fe58118421a99b8a5127f193621b946c9f33463705258ab880c4731933da2e75cb2d5c13c45f4f7da3c1df52e363150e0
SSDEEP

98304:onwfDK3u/GKS/r+qqK2bh/MWHXSNCPtftqKPZJah5IY:IwF/Vy+qchkwX51tqKPZJaHn

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

843de9eeccaaf499d415cfbf5721e5f30eb1e6419b2d759b96ed0a24afe9a2f8.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  843de9eeccaaf499d415cfbf5721e5f30eb1e6419b2d759b96ed0a24afe9a2f8
- Size
  
  4.1MB
- MD5
  
  e1c440fc0ce7e90440a55fea70a0f401
- SHA1
  
  e836e78cc1bf3c6ae2821df2d41d16c4de032301
- SHA256
  
  843de9eeccaaf499d415cfbf5721e5f30eb1e6419b2d759b96ed0a24afe9a2f8
- SHA512
  
  31537da09541fce2765b940737f4c20fe58118421a99b8a5127f193621b946c9f33463705258ab880c4731933da2e75cb2d5c13c45f4f7da3c1df52e363150e0
- SSDEEP
  
  98304:onwfDK3u/GKS/r+qqK2bh/MWHXSNCPtftqKPZJah5IY:IwF/Vy+qchkwX51tqKPZJaHn
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy