glupteba | d54f96cb7cc0c4c29fd8a9ed2e69b82abde930fb105978b20cec2f4702030ce7 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

d54f96cb7cc0c4c29fd8a9ed2e69b82abde930fb105978b20cec2f4702030ce7
Size

4.0MB
Sample

220930-x3fzvseeb6
MD5

66bbc5ed202747c14e43f4eb57b892b2
SHA1

c88e0030c2482c9a676a291096ef466dc8a33878
SHA256

d54f96cb7cc0c4c29fd8a9ed2e69b82abde930fb105978b20cec2f4702030ce7
SHA512

bdc8d564c058fe3fb0ac53efaada84f03d76d53f9b9ec863898f55ea5f09a5cfa0a658d9a386690dd3482e9e4e1eb576d50e70c9325dbf5d23a7994c984d2dd7
SSDEEP

98304:CSAWqlKQxJpSm08jlBk8H6+RRSaQlTI+DwqxsghRuu:/cJxqn8jlZSRlTQqxZRuu

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

d54f96cb7cc0c4c29fd8a9ed2e69b82abde930fb105978b20cec2f4702030ce7.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  d54f96cb7cc0c4c29fd8a9ed2e69b82abde930fb105978b20cec2f4702030ce7
- Size
  
  4.0MB
- MD5
  
  66bbc5ed202747c14e43f4eb57b892b2
- SHA1
  
  c88e0030c2482c9a676a291096ef466dc8a33878
- SHA256
  
  d54f96cb7cc0c4c29fd8a9ed2e69b82abde930fb105978b20cec2f4702030ce7
- SHA512
  
  bdc8d564c058fe3fb0ac53efaada84f03d76d53f9b9ec863898f55ea5f09a5cfa0a658d9a386690dd3482e9e4e1eb576d50e70c9325dbf5d23a7994c984d2dd7
- SSDEEP
  
  98304:CSAWqlKQxJpSm08jlBk8H6+RRSaQlTI+DwqxsghRuu:/cJxqn8jlZSRlTQqxZRuu
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy