glupteba | 0fda9b9b99e8fe10e326535ae461ed0e9146490bab13f75f84edaa78a73f9190 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

0fda9b9b99e8fe10e326535ae461ed0e9146490bab13f75f84edaa78a73f9190
Size

4.1MB
Sample

220922-sn1cqsbgd3
MD5

5fd7ec09c9da0847fe9c89800f53d983
SHA1

eb66e1285f0737827489f766f96e24f99482bfb8
SHA256

0fda9b9b99e8fe10e326535ae461ed0e9146490bab13f75f84edaa78a73f9190
SHA512

c9294f5a6543458d308f4c2a163cdff02ebaaddd52ef64c1ee24a3f22d1f116b6710d50c2b70d78da64e17eec17d47f440f99c6acc5a229ed93596bf88423b0d
SSDEEP

98304:yXFeTkBJVWs0K+9Q5fGoFDccp8qN51AR0nRjkvYY/hcq4we:+FeTiVjt4Q5fLpp9DcOxYpcqU

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

0fda9b9b99e8fe10e326535ae461ed0e9146490bab13f75f84edaa78a73f9190.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  0fda9b9b99e8fe10e326535ae461ed0e9146490bab13f75f84edaa78a73f9190
- Size
  
  4.1MB
- MD5
  
  5fd7ec09c9da0847fe9c89800f53d983
- SHA1
  
  eb66e1285f0737827489f766f96e24f99482bfb8
- SHA256
  
  0fda9b9b99e8fe10e326535ae461ed0e9146490bab13f75f84edaa78a73f9190
- SHA512
  
  c9294f5a6543458d308f4c2a163cdff02ebaaddd52ef64c1ee24a3f22d1f116b6710d50c2b70d78da64e17eec17d47f440f99c6acc5a229ed93596bf88423b0d
- SSDEEP
  
  98304:yXFeTkBJVWs0K+9Q5fGoFDccp8qN51AR0nRjkvYY/hcq4we:+FeTiVjt4Q5fLpp9DcOxYpcqU
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy