glupteba | 4abe817df70e0e1d331fefc421eeaa224960d08ed8129e662504696171f2ee05 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

4abe817df70e0e1d331fefc421eeaa224960d08ed8129e662504696171f2ee05
Size

4.2MB
Sample

220927-z9a4asefb9
MD5

589d0af03c06c55e55b93ca829fc9003
SHA1

e199d1a5ad61e1e01194c4f28385f397f94177b7
SHA256

4abe817df70e0e1d331fefc421eeaa224960d08ed8129e662504696171f2ee05
SHA512

ab1af3a6285b447f4fafb31ee267122a2eae04ab3be6907d9f0de9728dc78f1e60ea759237a8790f6f3a061201a599b00dd3d603a7d7ab276458701f1d3628f1
SSDEEP

98304:O75I7mS99rCbJs/nyHAHmPI9DqJOUA/TgyTp+nKzTTy4SJPi6M:82jrb/yHXIcALLgyEnKPTy4D

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

4abe817df70e0e1d331fefc421eeaa224960d08ed8129e662504696171f2ee05.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  4abe817df70e0e1d331fefc421eeaa224960d08ed8129e662504696171f2ee05
- Size
  
  4.2MB
- MD5
  
  589d0af03c06c55e55b93ca829fc9003
- SHA1
  
  e199d1a5ad61e1e01194c4f28385f397f94177b7
- SHA256
  
  4abe817df70e0e1d331fefc421eeaa224960d08ed8129e662504696171f2ee05
- SHA512
  
  ab1af3a6285b447f4fafb31ee267122a2eae04ab3be6907d9f0de9728dc78f1e60ea759237a8790f6f3a061201a599b00dd3d603a7d7ab276458701f1d3628f1
- SSDEEP
  
  98304:O75I7mS99rCbJs/nyHAHmPI9DqJOUA/TgyTp+nKzTTy4SJPi6M:82jrb/yHXIcALLgyEnKPTy4D
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy