glupteba | 5b8175ee72c014971c9ca253ec539df1333d9b84193dc8fe780644fbc9e30d7e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

5b8175ee72c014971c9ca253ec539df1333d9b84193dc8fe780644fbc9e30d7e
Size

4.2MB
Sample

220927-pjzc4addg5
MD5

d2d0d3b85ac128d96d03e531403a1774
SHA1

3158f40ef2cb1f3c54d2cdfa3ec3fffca95b3a3f
SHA256

5b8175ee72c014971c9ca253ec539df1333d9b84193dc8fe780644fbc9e30d7e
SHA512

924e5fffa8fd9550e06b6dd9b818cf4b7f22df83f32dadc03a98e9fb0887ca33a38f1a561e17869d2832b77d6a7bed2740367f66368628f0ba2d35c4732d0aa5
SSDEEP

98304:nvtk+77lRew9Yn0BLqFij+T41OvvchWlXzLSP6PQm++9t1xq7n:vFHlRZGlFij+81inJfQwt1xqz

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

5b8175ee72c014971c9ca253ec539df1333d9b84193dc8fe780644fbc9e30d7e.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  5b8175ee72c014971c9ca253ec539df1333d9b84193dc8fe780644fbc9e30d7e
- Size
  
  4.2MB
- MD5
  
  d2d0d3b85ac128d96d03e531403a1774
- SHA1
  
  3158f40ef2cb1f3c54d2cdfa3ec3fffca95b3a3f
- SHA256
  
  5b8175ee72c014971c9ca253ec539df1333d9b84193dc8fe780644fbc9e30d7e
- SHA512
  
  924e5fffa8fd9550e06b6dd9b818cf4b7f22df83f32dadc03a98e9fb0887ca33a38f1a561e17869d2832b77d6a7bed2740367f66368628f0ba2d35c4732d0aa5
- SSDEEP
  
  98304:nvtk+77lRew9Yn0BLqFij+T41OvvchWlXzLSP6PQm++9t1xq7n:vFHlRZGlFij+81inJfQwt1xqz
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy