glupteba | f4d89178bc7f06633f0544aad373746d53526e415c83224d15be563a510e8e2c | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

f4d89178bc7f06633f0544aad373746d53526e415c83224d15be563a510e8e2c
Size

4.0MB
Sample

220925-xvkcbafgh4
MD5

c5a37e8bf2c5943e33a3b688ce7e7789
SHA1

569dff8f34fbb580a6296f4deb10c8cd9d570d8e
SHA256

f4d89178bc7f06633f0544aad373746d53526e415c83224d15be563a510e8e2c
SHA512

0426844d27cdd389e1becec033184fec00e7aa2efbc6017515d13a9c026ce1dc5f74e9f1ed706445923ea0d5957f2722655f6bf0d611c97ae2db11c2790e1699
SSDEEP

98304:v9sFFc6uyDytgjdV8s6CMkxyLjJIc8kpHRzn5t1cmL0Ds4:vWDyyOtamsX/x4ek1ntxC1

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

f4d89178bc7f06633f0544aad373746d53526e415c83224d15be563a510e8e2c.exe

Resource

win10-20220901-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  f4d89178bc7f06633f0544aad373746d53526e415c83224d15be563a510e8e2c
- Size
  
  4.0MB
- MD5
  
  c5a37e8bf2c5943e33a3b688ce7e7789
- SHA1
  
  569dff8f34fbb580a6296f4deb10c8cd9d570d8e
- SHA256
  
  f4d89178bc7f06633f0544aad373746d53526e415c83224d15be563a510e8e2c
- SHA512
  
  0426844d27cdd389e1becec033184fec00e7aa2efbc6017515d13a9c026ce1dc5f74e9f1ed706445923ea0d5957f2722655f6bf0d611c97ae2db11c2790e1699
- SSDEEP
  
  98304:v9sFFc6uyDytgjdV8s6CMkxyLjJIc8kpHRzn5t1cmL0Ds4:vWDyyOtamsX/x4ek1ntxC1
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy