Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b1a7526e052eec9d4c655371132a5ae4426ee23c3e3acfc2417e8180b4feae9e

  • Size

    4.1MB

  • Sample

    221004-hdbaragahr

  • MD5

    718b67027408879305c9cf1ab32ef5cd

  • SHA1

    9b8b061f8939c09a124e56a0cc0d9f33d9de180e

  • SHA256

    b1a7526e052eec9d4c655371132a5ae4426ee23c3e3acfc2417e8180b4feae9e

  • SHA512

    8c1787b509b1dddc59feaedddc94ec72281ea287347ff544dd7bd426d962c51d92ca8ad9b417552978e3d5a53353cf49b0c7eca9aa473bc343a31878b90ef05f

  • SSDEEP

    98304:d5yN/aYe4IOsbrsy8Nf5dB1vQG9R/0zdNLqwp4TB7ikaXF7L5lCAv1KG/C:6xaYDIOsbrH8Nnvnj0zrLq97mGo1Nq

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencetrojanupx

Malware Config

Targets

    • Target

      b1a7526e052eec9d4c655371132a5ae4426ee23c3e3acfc2417e8180b4feae9e

    • Size

      4.1MB

    • MD5

      718b67027408879305c9cf1ab32ef5cd

    • SHA1

      9b8b061f8939c09a124e56a0cc0d9f33d9de180e

    • SHA256

      b1a7526e052eec9d4c655371132a5ae4426ee23c3e3acfc2417e8180b4feae9e

    • SHA512

      8c1787b509b1dddc59feaedddc94ec72281ea287347ff544dd7bd426d962c51d92ca8ad9b417552978e3d5a53353cf49b0c7eca9aa473bc343a31878b90ef05f

    • SSDEEP

      98304:d5yN/aYe4IOsbrsy8Nf5dB1vQG9R/0zdNLqwp4TB7ikaXF7L5lCAv1KG/C:6xaYDIOsbrH8Nnvnj0zrLq97mGo1Nq

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistencetrojanupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks