glupteba | 359622c4ad2ada897f13506333fdfaea8baebd195b247f76270394215ce37cb0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

359622c4ad2ada897f13506333fdfaea8baebd195b247f76270394215ce37cb0
Size

4.1MB
Sample

221004-py6eysahg6
MD5

ad6ac1a819396e8362973bf7d6f98cf2
SHA1

e7bb8087329f85b209ae89dc0a03acbd831b5e0d
SHA256

359622c4ad2ada897f13506333fdfaea8baebd195b247f76270394215ce37cb0
SHA512

fa4d8cdf5a2e01dcf56dd2a7ece9231f613592102a446405451a257daa70e3900fd08f9743a7481222b7c33a765fd979bc48284040f46ef87f9b2d8ca6403b2c
SSDEEP

98304:p9k23t41KjOOTI0Wqk4WxcI9Td//k2AwbM8Yepot8ad1UqW:bkk41qiqIxc2T227bM8Y12qW

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

359622c4ad2ada897f13506333fdfaea8baebd195b247f76270394215ce37cb0.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  359622c4ad2ada897f13506333fdfaea8baebd195b247f76270394215ce37cb0
- Size
  
  4.1MB
- MD5
  
  ad6ac1a819396e8362973bf7d6f98cf2
- SHA1
  
  e7bb8087329f85b209ae89dc0a03acbd831b5e0d
- SHA256
  
  359622c4ad2ada897f13506333fdfaea8baebd195b247f76270394215ce37cb0
- SHA512
  
  fa4d8cdf5a2e01dcf56dd2a7ece9231f613592102a446405451a257daa70e3900fd08f9743a7481222b7c33a765fd979bc48284040f46ef87f9b2d8ca6403b2c
- SSDEEP
  
  98304:p9k23t41KjOOTI0Wqk4WxcI9Td//k2AwbM8Yepot8ad1UqW:bkk41qiqIxc2T227bM8Y12qW
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy