Triage | Malware sandboxing report by Hatching Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

ccf98f54415358a498da5f4a49f45260308905d9136395b985c65c7040ceaab5
Size

3MB
Sample

221002-t8hh4afab7
MD5

8d108cf9507a8e81a85062d46c642090
SHA1

fb578386e23a6845e6eeda65cf38d04124e697d6
SHA256

ccf98f54415358a498da5f4a49f45260308905d9136395b985c65c7040ceaab5
SHA512

90ad6e6ce22479f92ad21bf68236d9de60b1e9661da21347a1bf6e1f1efd88363a40adef4318b71e1e0417e974563329a2f6ab037187ed8a4a350cd5ca09420a
SSDEEP

98304:1AP0G/UXsl6DvFCoe1XUkDBXU/m8Qn3t0iPc8sg0TaGvw:1AsGgsl4vEoCUkFXwmx3Evw

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

ccf98f54415358a498da5f4a49f45260308905d9136395b985c65c7040ceaab5.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  ccf98f54415358a498da5f4a49f45260308905d9136395b985c65c7040ceaab5
- Size
  
  3MB
- MD5
  
  8d108cf9507a8e81a85062d46c642090
- SHA1
  
  fb578386e23a6845e6eeda65cf38d04124e697d6
- SHA256
  
  ccf98f54415358a498da5f4a49f45260308905d9136395b985c65c7040ceaab5
- SHA512
  
  90ad6e6ce22479f92ad21bf68236d9de60b1e9661da21347a1bf6e1f1efd88363a40adef4318b71e1e0417e974563329a2f6ab037187ed8a4a350cd5ca09420a
- SSDEEP
  
  98304:1AP0G/UXsl6DvFCoe1XUkDBXU/m8Qn3t0iPc8sg0TaGvw:1AsGgsl4vEoCUkFXwmx3Evw
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2023

Terms | Privacy