glupteba | 26de7ca4b85663ee60cc47c81556e858228f8856c09a24d8154a4905513b917b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

26de7ca4b85663ee60cc47c81556e858228f8856c09a24d8154a4905513b917b
Size

4.0MB
Sample

220920-kd9vesgafj
MD5

75495521292ac4f5bd426aa5afb4443b
SHA1

4dd5e5a18853b0bd063e00dd70d8990d409716f7
SHA256

26de7ca4b85663ee60cc47c81556e858228f8856c09a24d8154a4905513b917b
SHA512

76cd887e4969ce75c76705171685169b1ddf765e90386caaa4da739b973029037da4f56b33e2f49f95e64a917e5c980a4249c48cb75fc2d695239bf09226950b
SSDEEP

98304:Qy5X6mTksaH3W1nUTQE4lcsPjvxb0P1qp2RfuSfm7noBsACVlC:QQ6mTVU0vxbO1TRfu77noBgM

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

26de7ca4b85663ee60cc47c81556e858228f8856c09a24d8154a4905513b917b.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  26de7ca4b85663ee60cc47c81556e858228f8856c09a24d8154a4905513b917b
- Size
  
  4.0MB
- MD5
  
  75495521292ac4f5bd426aa5afb4443b
- SHA1
  
  4dd5e5a18853b0bd063e00dd70d8990d409716f7
- SHA256
  
  26de7ca4b85663ee60cc47c81556e858228f8856c09a24d8154a4905513b917b
- SHA512
  
  76cd887e4969ce75c76705171685169b1ddf765e90386caaa4da739b973029037da4f56b33e2f49f95e64a917e5c980a4249c48cb75fc2d695239bf09226950b
- SSDEEP
  
  98304:Qy5X6mTksaH3W1nUTQE4lcsPjvxb0P1qp2RfuSfm7noBsACVlC:QQ6mTVU0vxbO1TRfu77noBgM
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy