glupteba | 07187c901484020e3939cb8c641edf6e194dcd4daf176eac17965fc28896ce2a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

07187c901484020e3939cb8c641edf6e194dcd4daf176eac17965fc28896ce2a
Size

4.0MB
Sample

220921-n4qq1sgbh7
MD5

fa876c35711daf9224b47bbad7112a68
SHA1

853686aec34bc56fa2d0210d7873fd6d5bf5c282
SHA256

07187c901484020e3939cb8c641edf6e194dcd4daf176eac17965fc28896ce2a
SHA512

43723802d60864e08ed6f07b16bcae4d396bc90867a39af0f8e289d3f3b939acdb8bc8c741ed6289a14b4b310d867cd511dfc8ea78d16373767fa30f64723536
SSDEEP

98304:dinQzF1VQ3VrEKDWYHwLWxAAKJ3HbHSWnoW8twgoYGqJ:EnQBQfSHLWxmJ3bHSWqago8

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

07187c901484020e3939cb8c641edf6e194dcd4daf176eac17965fc28896ce2a.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  07187c901484020e3939cb8c641edf6e194dcd4daf176eac17965fc28896ce2a
- Size
  
  4.0MB
- MD5
  
  fa876c35711daf9224b47bbad7112a68
- SHA1
  
  853686aec34bc56fa2d0210d7873fd6d5bf5c282
- SHA256
  
  07187c901484020e3939cb8c641edf6e194dcd4daf176eac17965fc28896ce2a
- SHA512
  
  43723802d60864e08ed6f07b16bcae4d396bc90867a39af0f8e289d3f3b939acdb8bc8c741ed6289a14b4b310d867cd511dfc8ea78d16373767fa30f64723536
- SSDEEP
  
  98304:dinQzF1VQ3VrEKDWYHwLWxAAKJ3HbHSWnoW8twgoYGqJ:EnQBQfSHLWxmJ3bHSWqago8
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy