glupteba | b0b440c5f0754c72b1c67f7c79d72ecc039ddf9c0e012b25d937594c0f3b6868 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

b0b440c5f0754c72b1c67f7c79d72ecc039ddf9c0e012b25d937594c0f3b6868
Size

4.1MB
Sample

221005-eps36adce2
MD5

7771c011462ffb2920e7f3b28b90804d
SHA1

0f69e3b8fe52273e989bd8237a878488c5a296cc
SHA256

b0b440c5f0754c72b1c67f7c79d72ecc039ddf9c0e012b25d937594c0f3b6868
SHA512

792dfd18e9a128565e5dd41cc2a34da94f6f7aaaf8e7a42223795880cbb729f8e8858e882c2741bcad70a3608a46f22c0b0e249c5eab56e4643e377a0b27e8cf
SSDEEP

98304:RmR6+wiWN1kHjEycjjnsnJHMxKHgUsSieAe:q6IDQjQnJHMXVZeAe

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b0b440c5f0754c72b1c67f7c79d72ecc039ddf9c0e012b25d937594c0f3b6868.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  b0b440c5f0754c72b1c67f7c79d72ecc039ddf9c0e012b25d937594c0f3b6868
- Size
  
  4.1MB
- MD5
  
  7771c011462ffb2920e7f3b28b90804d
- SHA1
  
  0f69e3b8fe52273e989bd8237a878488c5a296cc
- SHA256
  
  b0b440c5f0754c72b1c67f7c79d72ecc039ddf9c0e012b25d937594c0f3b6868
- SHA512
  
  792dfd18e9a128565e5dd41cc2a34da94f6f7aaaf8e7a42223795880cbb729f8e8858e882c2741bcad70a3608a46f22c0b0e249c5eab56e4643e377a0b27e8cf
- SSDEEP
  
  98304:RmR6+wiWN1kHjEycjjnsnJHMxKHgUsSieAe:q6IDQjQnJHMXVZeAe
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy