glupteba | dec19d55c7b84beafa2218a0bb7b61280c9313b7bc10ac1495211cdf3dde3453 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

dec19d55c7b84beafa2218a0bb7b61280c9313b7bc10ac1495211cdf3dde3453
Size

4.1MB
Sample

221005-whz2kafah5
MD5

a41abd89c1a6c0fdbef4de29b6d1ec6a
SHA1

6027b04cee9b16e4560e4451e147d106acde2b07
SHA256

dec19d55c7b84beafa2218a0bb7b61280c9313b7bc10ac1495211cdf3dde3453
SHA512

8a854d118e6a1829fd7173b6f3e14f8d44a39f1e8c8b445fe03e2048f127ac076842c98461a3ab6b564e7918b25664c0154704d356d92382765bdd80bd07c189
SSDEEP

49152:t/MA5xHT9l7hIOK73ocbJN620L6rIPppsyP9datw5jnyrSUT95R/UCnpFqCaglof:tJ7T+B73ocV251dH5SBrRMC/q49jOdX

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

dec19d55c7b84beafa2218a0bb7b61280c9313b7bc10ac1495211cdf3dde3453.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  dec19d55c7b84beafa2218a0bb7b61280c9313b7bc10ac1495211cdf3dde3453
- Size
  
  4.1MB
- MD5
  
  a41abd89c1a6c0fdbef4de29b6d1ec6a
- SHA1
  
  6027b04cee9b16e4560e4451e147d106acde2b07
- SHA256
  
  dec19d55c7b84beafa2218a0bb7b61280c9313b7bc10ac1495211cdf3dde3453
- SHA512
  
  8a854d118e6a1829fd7173b6f3e14f8d44a39f1e8c8b445fe03e2048f127ac076842c98461a3ab6b564e7918b25664c0154704d356d92382765bdd80bd07c189
- SSDEEP
  
  49152:t/MA5xHT9l7hIOK73ocbJN620L6rIPppsyP9datw5jnyrSUT95R/UCnpFqCaglof:tJ7T+B73ocV251dH5SBrRMC/q49jOdX
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy