glupteba | c64fae724bff3b5bf15b6e4120893125a10c95acb5fd866f50d0152301f1a630 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

c64fae724bff3b5bf15b6e4120893125a10c95acb5fd866f50d0152301f1a630
Size

4.2MB
Sample

220928-e9yt5sfaf3
MD5

ea772ec25e6f45a0b80f85496ff861a1
SHA1

ff4fa8158d7c3c6480bbe3b8c46e81aee0db6532
SHA256

c64fae724bff3b5bf15b6e4120893125a10c95acb5fd866f50d0152301f1a630
SHA512

c05ce0fc7dc03d418d3d652a47eef813384d41bf4e250ac9a5ff691a529cd21e6adab72195adc2efbeac40c7cbaae68a66dbde708973ebb0985bdedf325ab49f
SSDEEP

98304:ENW25W/u6pKwq1MVxa9nAzKFRt8mWDso68EHVMMInk1Mks4V9lJ78:MWpu6pVqceAGftXWJ68EHKigM7S

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

c64fae724bff3b5bf15b6e4120893125a10c95acb5fd866f50d0152301f1a630.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  c64fae724bff3b5bf15b6e4120893125a10c95acb5fd866f50d0152301f1a630
- Size
  
  4.2MB
- MD5
  
  ea772ec25e6f45a0b80f85496ff861a1
- SHA1
  
  ff4fa8158d7c3c6480bbe3b8c46e81aee0db6532
- SHA256
  
  c64fae724bff3b5bf15b6e4120893125a10c95acb5fd866f50d0152301f1a630
- SHA512
  
  c05ce0fc7dc03d418d3d652a47eef813384d41bf4e250ac9a5ff691a529cd21e6adab72195adc2efbeac40c7cbaae68a66dbde708973ebb0985bdedf325ab49f
- SSDEEP
  
  98304:ENW25W/u6pKwq1MVxa9nAzKFRt8mWDso68EHVMMInk1Mks4V9lJ78:MWpu6pVqceAGftXWJ68EHKigM7S
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy