glupteba | a2e63e06e32f7e44e2bd83150a59f466577c8d2fa9e1112743dde36a4449427b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

a2e63e06e32f7e44e2bd83150a59f466577c8d2fa9e1112743dde36a4449427b
Size

4.1MB
Sample

220919-qa6lgsaad8
MD5

2c01bda87ccebd24775c9778b1093653
SHA1

66e607bc70716d15da2714dfbef451e308870917
SHA256

a2e63e06e32f7e44e2bd83150a59f466577c8d2fa9e1112743dde36a4449427b
SHA512

4cb7b2c2f8d0810687807f9ee730fb15eae8d9a887c5b8970638c07d8c5e02a00d93e826c05261b7d6ddfa5d708d0feebe2971d9d6557e95899821c06fcd6dea
SSDEEP

98304:gMLE7uGhFPeBgUwS91xGovo2RufqOk1a5NEcHvO2dCQBbBx:4FPeWK9fGogwV1T2YoFx

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

a2e63e06e32f7e44e2bd83150a59f466577c8d2fa9e1112743dde36a4449427b.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  a2e63e06e32f7e44e2bd83150a59f466577c8d2fa9e1112743dde36a4449427b
- Size
  
  4.1MB
- MD5
  
  2c01bda87ccebd24775c9778b1093653
- SHA1
  
  66e607bc70716d15da2714dfbef451e308870917
- SHA256
  
  a2e63e06e32f7e44e2bd83150a59f466577c8d2fa9e1112743dde36a4449427b
- SHA512
  
  4cb7b2c2f8d0810687807f9ee730fb15eae8d9a887c5b8970638c07d8c5e02a00d93e826c05261b7d6ddfa5d708d0feebe2971d9d6557e95899821c06fcd6dea
- SSDEEP
  
  98304:gMLE7uGhFPeBgUwS91xGovo2RufqOk1a5NEcHvO2dCQBbBx:4FPeWK9fGogwV1T2YoFx
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy