glupteba | 0b6115ac4c1ddfcf850158c103bd4ad8cbb0ce1c2fdd7bd7bfd418202b1ff3cb | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

0b6115ac4c1ddfcf850158c103bd4ad8cbb0ce1c2fdd7bd7bfd418202b1ff3cb
Size

4.0MB
Sample

220921-ffzp1sfba8
MD5

d1105e6eabd9e66c9b4118141d908229
SHA1

2cc13c9d3ae5429a40b67c5f7c9d713a142354dc
SHA256

0b6115ac4c1ddfcf850158c103bd4ad8cbb0ce1c2fdd7bd7bfd418202b1ff3cb
SHA512

4b13ec3df90377a969c7c8cfd1e89d43483b7b72a3ec7265fa00c521e3944ce432e6df4afe457df8bf0b417b21e7a1579ac913ca1e440cba2e34b10697586f7e
SSDEEP

98304:vHv5apQiK0Rdz7yZnGDcsW9mg5G82ECAyiDHRVL5x7BPo:vP5FidRoJGDXWj5GowiDxVNxdPo

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

0b6115ac4c1ddfcf850158c103bd4ad8cbb0ce1c2fdd7bd7bfd418202b1ff3cb.exe

Resource

win10v2004-20220901-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  0b6115ac4c1ddfcf850158c103bd4ad8cbb0ce1c2fdd7bd7bfd418202b1ff3cb
- Size
  
  4.0MB
- MD5
  
  d1105e6eabd9e66c9b4118141d908229
- SHA1
  
  2cc13c9d3ae5429a40b67c5f7c9d713a142354dc
- SHA256
  
  0b6115ac4c1ddfcf850158c103bd4ad8cbb0ce1c2fdd7bd7bfd418202b1ff3cb
- SHA512
  
  4b13ec3df90377a969c7c8cfd1e89d43483b7b72a3ec7265fa00c521e3944ce432e6df4afe457df8bf0b417b21e7a1579ac913ca1e440cba2e34b10697586f7e
- SSDEEP
  
  98304:vHv5apQiK0Rdz7yZnGDcsW9mg5G82ECAyiDHRVL5x7BPo:vP5FidRoJGDXWj5GowiDxVNxdPo
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy