glupteba | 91a26eebf206a60f007ff5ef741bbb0c320e85e04b6fb8d9614754f3ff3a1d1e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

91a26eebf206a60f007ff5ef741bbb0c320e85e04b6fb8d9614754f3ff3a1d1e
Size

4.1MB
Sample

220928-pjnllafgh2
MD5

6d269f4cda0d58eb0529d0b55987149b
SHA1

43ad1342155648a735c8d490ca19ce72e03336ca
SHA256

91a26eebf206a60f007ff5ef741bbb0c320e85e04b6fb8d9614754f3ff3a1d1e
SHA512

1006c2646fe6b3fd69feb7dbb76ad791dcb4335180cf483aab02835545b42c104ff86983a4d3970b1556366679368a52be6a73e94b48a0ba8729c9f763dfd2c7
SSDEEP

98304:7EqtIc+FHIHoc33fo6LQu/PilF56sxcEj6TPtSAvh02fkf1D:4Lc+Sfo6LbPil+s9jwPtSAZ02fy1

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

91a26eebf206a60f007ff5ef741bbb0c320e85e04b6fb8d9614754f3ff3a1d1e.exe

Resource

win10v2004-20220901-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  91a26eebf206a60f007ff5ef741bbb0c320e85e04b6fb8d9614754f3ff3a1d1e
- Size
  
  4.1MB
- MD5
  
  6d269f4cda0d58eb0529d0b55987149b
- SHA1
  
  43ad1342155648a735c8d490ca19ce72e03336ca
- SHA256
  
  91a26eebf206a60f007ff5ef741bbb0c320e85e04b6fb8d9614754f3ff3a1d1e
- SHA512
  
  1006c2646fe6b3fd69feb7dbb76ad791dcb4335180cf483aab02835545b42c104ff86983a4d3970b1556366679368a52be6a73e94b48a0ba8729c9f763dfd2c7
- SSDEEP
  
  98304:7EqtIc+FHIHoc33fo6LQu/PilF56sxcEj6TPtSAvh02fkf1D:4Lc+Sfo6LbPil+s9jwPtSAZ02fy1
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy