Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eb55ef425cf22706af94f3f5fd45e60dfe7e7b09463372d7e02e04ba98e3b012

  • Size

    4.1MB

  • Sample

    220929-r9atjabbg4

  • MD5

    97dae862350cafb3b9c0daa865217613

  • SHA1

    f54476f23e34cee24e090b178b3764f31d8b8843

  • SHA256

    eb55ef425cf22706af94f3f5fd45e60dfe7e7b09463372d7e02e04ba98e3b012

  • SHA512

    642f91f7ecbd225fc4b4dbd7016d9e8c7a1f9fb9278f39e5cfa4d88ef80b11c8383fb11b40ac48b7756b360a6d1981bd1d08977bcf9fa5d88a0c534b47439ddc

  • SSDEEP

    98304:TSviynWUo4eoaWT+gGccg5Hc6vK8n+5HiaDBW3WIa0tupTuX:uiuWUGtZ6vK8nSHX97INOTe

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencetrojan

Malware Config

Targets

    • Target

      eb55ef425cf22706af94f3f5fd45e60dfe7e7b09463372d7e02e04ba98e3b012

    • Size

      4.1MB

    • MD5

      97dae862350cafb3b9c0daa865217613

    • SHA1

      f54476f23e34cee24e090b178b3764f31d8b8843

    • SHA256

      eb55ef425cf22706af94f3f5fd45e60dfe7e7b09463372d7e02e04ba98e3b012

    • SHA512

      642f91f7ecbd225fc4b4dbd7016d9e8c7a1f9fb9278f39e5cfa4d88ef80b11c8383fb11b40ac48b7756b360a6d1981bd1d08977bcf9fa5d88a0c534b47439ddc

    • SSDEEP

      98304:TSviynWUo4eoaWT+gGccg5Hc6vK8n+5HiaDBW3WIa0tupTuX:uiuWUGtZ6vK8nSHX97INOTe

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistencetrojan

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks