glupteba | cd29bf14841b28094153b2e7485c51be1dbe7ca8bab7e1b6ccd917bf619d3910 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

cd29bf14841b28094153b2e7485c51be1dbe7ca8bab7e1b6ccd917bf619d3910
Size

4.0MB
Sample

220920-2qctwsabgk
MD5

a2e5478fc4ff9563fa366cc24c70cc6a
SHA1

0315dc9ed5fe444c0a22f684d12a967b080e16d9
SHA256

cd29bf14841b28094153b2e7485c51be1dbe7ca8bab7e1b6ccd917bf619d3910
SHA512

07d60a052651064be7dfa4ac5f56b858ae6c42835f38b261e0023e256ac0d98a28b62f67008f48a547d70d0d374aa22b7e599c1be77f031c2ee7016c254b5825
SSDEEP

98304:7jX+I32NOtHer53z6cVNHT4jB/cAE7ot+KLByTV+bOXLNHn+TB:/Xv3Hkxe0Nz4jCot+a0V5Je1

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

cd29bf14841b28094153b2e7485c51be1dbe7ca8bab7e1b6ccd917bf619d3910.exe

Resource

win10v2004-20220901-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  cd29bf14841b28094153b2e7485c51be1dbe7ca8bab7e1b6ccd917bf619d3910
- Size
  
  4.0MB
- MD5
  
  a2e5478fc4ff9563fa366cc24c70cc6a
- SHA1
  
  0315dc9ed5fe444c0a22f684d12a967b080e16d9
- SHA256
  
  cd29bf14841b28094153b2e7485c51be1dbe7ca8bab7e1b6ccd917bf619d3910
- SHA512
  
  07d60a052651064be7dfa4ac5f56b858ae6c42835f38b261e0023e256ac0d98a28b62f67008f48a547d70d0d374aa22b7e599c1be77f031c2ee7016c254b5825
- SSDEEP
  
  98304:7jX+I32NOtHer53z6cVNHT4jB/cAE7ot+KLByTV+bOXLNHn+TB:/Xv3Hkxe0Nz4jCot+a0V5Je1
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy