Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ed42eab44512ff11f6fc9d32403cea2714269c0428965e3a38d0ba59d976b91

  • Size

    4.1MB

  • Sample

    220928-3lnw2aadgk

  • MD5

    bd2857f49004cfc36db6efdb4558dd30

  • SHA1

    e99a5c92384d704b0406a7aa0ab4854bd3c61435

  • SHA256

    0ed42eab44512ff11f6fc9d32403cea2714269c0428965e3a38d0ba59d976b91

  • SHA512

    bbc36e80f05505e071cc2e4dab324a3c6c1b44b22fe238662f232118bf1d5366e367b901108a099ebf5f191412dd9988b8b34a409b98f17bf8661e8ecd89a1c8

  • SSDEEP

    98304:U34VUaueXBpdAgdOSHg2X/pLvlj95vLNVg:WZarxpdMO/Bf5Ry

Score
10/10
gluptebadiscoverydropperevasionloaderpersistenceupx

Malware Config

Targets

    • Target

      0ed42eab44512ff11f6fc9d32403cea2714269c0428965e3a38d0ba59d976b91

    • Size

      4.1MB

    • MD5

      bd2857f49004cfc36db6efdb4558dd30

    • SHA1

      e99a5c92384d704b0406a7aa0ab4854bd3c61435

    • SHA256

      0ed42eab44512ff11f6fc9d32403cea2714269c0428965e3a38d0ba59d976b91

    • SHA512

      bbc36e80f05505e071cc2e4dab324a3c6c1b44b22fe238662f232118bf1d5366e367b901108a099ebf5f191412dd9988b8b34a409b98f17bf8661e8ecd89a1c8

    • SSDEEP

      98304:U34VUaueXBpdAgdOSHg2X/pLvlj95vLNVg:WZarxpdMO/Bf5Ry

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistenceupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks