glupteba | 5e9ed58d6446fe859d262a5f5611917154e97367c716bd6bc6b0e4bce9926ed8 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

5e9ed58d6446fe859d262a5f5611917154e97367c716bd6bc6b0e4bce9926ed8
Size

4.1MB
Sample

221004-nsawesagd4
MD5

86721d336e4043a8934a56b30cd834d3
SHA1

78fd4edd90e944bee176765e4f1d4df4dd567769
SHA256

5e9ed58d6446fe859d262a5f5611917154e97367c716bd6bc6b0e4bce9926ed8
SHA512

f1a69fd92ff3fe92d41b661025542c7a0718e8717be1bfad2951bbcc633d01177826a9f258e845691d4060c8956b3a0fcdd5c6d04e6f2b5447301f807f4c5f56
SSDEEP

98304:KNKuJKLcd3/JOhk/Dzb2Wzzaz5xSuBtaVbAL:4hJ53x4kKWPatxAbAL

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

5e9ed58d6446fe859d262a5f5611917154e97367c716bd6bc6b0e4bce9926ed8.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  5e9ed58d6446fe859d262a5f5611917154e97367c716bd6bc6b0e4bce9926ed8
- Size
  
  4.1MB
- MD5
  
  86721d336e4043a8934a56b30cd834d3
- SHA1
  
  78fd4edd90e944bee176765e4f1d4df4dd567769
- SHA256
  
  5e9ed58d6446fe859d262a5f5611917154e97367c716bd6bc6b0e4bce9926ed8
- SHA512
  
  f1a69fd92ff3fe92d41b661025542c7a0718e8717be1bfad2951bbcc633d01177826a9f258e845691d4060c8956b3a0fcdd5c6d04e6f2b5447301f807f4c5f56
- SSDEEP
  
  98304:KNKuJKLcd3/JOhk/Dzb2Wzzaz5xSuBtaVbAL:4hJ53x4kKWPatxAbAL
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy