glupteba | 9459ef2d1932d5931349a8309008f026767ecde81220027a2caa59e4a3e83345 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

9459ef2d1932d5931349a8309008f026767ecde81220027a2caa59e4a3e83345
Size

4.1MB
Sample

220929-x8fahscgdq
MD5

fae8bb46e6fc723acbee42d0b8a23e8b
SHA1

c5e86d2992e2683850c3b35d984d95754a5c45a0
SHA256

9459ef2d1932d5931349a8309008f026767ecde81220027a2caa59e4a3e83345
SHA512

74fe764c488741c4dc76484632281283a976753244186ce3ea30bf2c2fee3f49b644a528bb7e90485e00d1beef91e7aa2ca0194a93692b8c1f75620aaf70dc58
SSDEEP

98304:XKLmLmxx6A2yT7yChs3ivaH604nC/HSdUlPO:azx60uChoyu604Z

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

9459ef2d1932d5931349a8309008f026767ecde81220027a2caa59e4a3e83345.exe

Resource

win10-20220901-en

glupteba discovery dropper evasion loader persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  9459ef2d1932d5931349a8309008f026767ecde81220027a2caa59e4a3e83345
- Size
  
  4.1MB
- MD5
  
  fae8bb46e6fc723acbee42d0b8a23e8b
- SHA1
  
  c5e86d2992e2683850c3b35d984d95754a5c45a0
- SHA256
  
  9459ef2d1932d5931349a8309008f026767ecde81220027a2caa59e4a3e83345
- SHA512
  
  74fe764c488741c4dc76484632281283a976753244186ce3ea30bf2c2fee3f49b644a528bb7e90485e00d1beef91e7aa2ca0194a93692b8c1f75620aaf70dc58
- SSDEEP
  
  98304:XKLmLmxx6A2yT7yChs3ivaH604nC/HSdUlPO:azx60uChoyu604Z
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy