glupteba | c5ca34c3a5a95af279616cbb0516b5d09d57415256a17069b926760c38eafec3 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

c5ca34c3a5a95af279616cbb0516b5d09d57415256a17069b926760c38eafec3
Size

4.0MB
Sample

221002-scm82abfa9
MD5

55a9504df9520eebca55feef5707db77
SHA1

1fc848f35b4f58c570ef4dc5edaf0a262c4c2689
SHA256

c5ca34c3a5a95af279616cbb0516b5d09d57415256a17069b926760c38eafec3
SHA512

005458490d4bd5f60d907d4c8f835ef34bb8338a7b0b0fc65a4f83527b1ce8bd73feab02f3d1395ac03e48383074460f2ecef1009681c69950428490e47af3ee
SSDEEP

98304:hmhelsGS0NtrZ4ZSNKluW+ekfHkOlo25INWjyqJydFT:M6VHRZpK7+ek/kOPg

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

c5ca34c3a5a95af279616cbb0516b5d09d57415256a17069b926760c38eafec3.exe

Resource

win10v2004-20220901-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  c5ca34c3a5a95af279616cbb0516b5d09d57415256a17069b926760c38eafec3
- Size
  
  4.0MB
- MD5
  
  55a9504df9520eebca55feef5707db77
- SHA1
  
  1fc848f35b4f58c570ef4dc5edaf0a262c4c2689
- SHA256
  
  c5ca34c3a5a95af279616cbb0516b5d09d57415256a17069b926760c38eafec3
- SHA512
  
  005458490d4bd5f60d907d4c8f835ef34bb8338a7b0b0fc65a4f83527b1ce8bd73feab02f3d1395ac03e48383074460f2ecef1009681c69950428490e47af3ee
- SSDEEP
  
  98304:hmhelsGS0NtrZ4ZSNKluW+ekfHkOlo25INWjyqJydFT:M6VHRZpK7+ek/kOPg
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy