glupteba | 8a32b280afcb4a5a1590d84f6ba38e105074298e3f21fb85272d51cb307e168b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

8a32b280afcb4a5a1590d84f6ba38e105074298e3f21fb85272d51cb307e168b
Size

4.1MB
Sample

221004-tdgcjsbde4
MD5

9a7c11fb7d08c03186456ec5c3c3e265
SHA1

1b6167d0d006fc21912eae0ada689b262c650386
SHA256

8a32b280afcb4a5a1590d84f6ba38e105074298e3f21fb85272d51cb307e168b
SHA512

6ac6b3d6f238dd753e0aec45f269d91095456f59ae9d65dcf3b3a2540aa36f924200ecc0f469e316d508cda988d52803955c4a31bdb15fe77c2a137f1ad5ad25
SSDEEP

98304:9y4n2JD9x0ozAA+txAGdxS9txkPMa6aWNOVoVEX37d4rr:Bn2JDgyAdx7WU6aWIVocd4rr

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

8a32b280afcb4a5a1590d84f6ba38e105074298e3f21fb85272d51cb307e168b.exe

Resource

win10v2004-20220901-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  8a32b280afcb4a5a1590d84f6ba38e105074298e3f21fb85272d51cb307e168b
- Size
  
  4.1MB
- MD5
  
  9a7c11fb7d08c03186456ec5c3c3e265
- SHA1
  
  1b6167d0d006fc21912eae0ada689b262c650386
- SHA256
  
  8a32b280afcb4a5a1590d84f6ba38e105074298e3f21fb85272d51cb307e168b
- SHA512
  
  6ac6b3d6f238dd753e0aec45f269d91095456f59ae9d65dcf3b3a2540aa36f924200ecc0f469e316d508cda988d52803955c4a31bdb15fe77c2a137f1ad5ad25
- SSDEEP
  
  98304:9y4n2JD9x0ozAA+txAGdxS9txkPMa6aWNOVoVEX37d4rr:Bn2JDgyAdx7WU6aWIVocd4rr
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy