glupteba | c7a33b4fce090fa621fe6c85b4d0e92858b654cd298c9240076ee3a5e6d02889 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

c7a33b4fce090fa621fe6c85b4d0e92858b654cd298c9240076ee3a5e6d02889
Size

4.0MB
Sample

221001-1c6z5shfhl
MD5

d3acf52600bc6f2fa57ea7fc91a3250f
SHA1

a8032ce03e7eb5b494cb33833e37df4fa24462aa
SHA256

c7a33b4fce090fa621fe6c85b4d0e92858b654cd298c9240076ee3a5e6d02889
SHA512

a25a87ac329b1baeb50d72ea0da7bd773bea1d9a64b8a25b35c1b00aee309eb2128fb15786527a75d19c88714d56c42f8e5d9be5e7a925c5e2e8ae70377a60c5
SSDEEP

98304:+ycVnNklBwyE2sdpa1GyhYnHjR2pq0lwq+zdjV:2VngwyE2zIawhjV

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c7a33b4fce090fa621fe6c85b4d0e92858b654cd298c9240076ee3a5e6d02889.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  c7a33b4fce090fa621fe6c85b4d0e92858b654cd298c9240076ee3a5e6d02889
- Size
  
  4.0MB
- MD5
  
  d3acf52600bc6f2fa57ea7fc91a3250f
- SHA1
  
  a8032ce03e7eb5b494cb33833e37df4fa24462aa
- SHA256
  
  c7a33b4fce090fa621fe6c85b4d0e92858b654cd298c9240076ee3a5e6d02889
- SHA512
  
  a25a87ac329b1baeb50d72ea0da7bd773bea1d9a64b8a25b35c1b00aee309eb2128fb15786527a75d19c88714d56c42f8e5d9be5e7a925c5e2e8ae70377a60c5
- SSDEEP
  
  98304:+ycVnNklBwyE2sdpa1GyhYnHjR2pq0lwq+zdjV:2VngwyE2zIawhjV
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy