glupteba | ed723d099a7c51e21a9985b09745ad4778b96137ebc47c7df84f4893c17adab8 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

ed723d099a7c51e21a9985b09745ad4778b96137ebc47c7df84f4893c17adab8
Size

4.2MB
Sample

220928-k2kkfagfam
MD5

6ff01b2485c1cbfff15f0984b099b500
SHA1

19ee5a1112f718cea46940cdb8d71eb615d317a6
SHA256

ed723d099a7c51e21a9985b09745ad4778b96137ebc47c7df84f4893c17adab8
SHA512

70ec9c13e76a918b7fec1b17d7638a2e7fff7fc07ec1ea8d5405412c5171f67919d70681685274897409f285471c9d338978e35136e250a04f886ad79397405c
SSDEEP

98304:1WP1yNi8lWDoR3dKx/cH5Mj8WrjLx/wxRixTC4Hixh4Br3JMsmrp:EP1luWDo1dKYnW1CRi4JD4c99

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

ed723d099a7c51e21a9985b09745ad4778b96137ebc47c7df84f4893c17adab8.exe

Resource

win10v2004-20220901-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  ed723d099a7c51e21a9985b09745ad4778b96137ebc47c7df84f4893c17adab8
- Size
  
  4.2MB
- MD5
  
  6ff01b2485c1cbfff15f0984b099b500
- SHA1
  
  19ee5a1112f718cea46940cdb8d71eb615d317a6
- SHA256
  
  ed723d099a7c51e21a9985b09745ad4778b96137ebc47c7df84f4893c17adab8
- SHA512
  
  70ec9c13e76a918b7fec1b17d7638a2e7fff7fc07ec1ea8d5405412c5171f67919d70681685274897409f285471c9d338978e35136e250a04f886ad79397405c
- SSDEEP
  
  98304:1WP1yNi8lWDoR3dKx/cH5Mj8WrjLx/wxRixTC4Hixh4Br3JMsmrp:EP1luWDo1dKYnW1CRi4JD4c99
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy