glupteba | e28eadbd79593134a0e96645f371e36d176a94023d7c099e8ee27484ae2ec41f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

e28eadbd79593134a0e96645f371e36d176a94023d7c099e8ee27484ae2ec41f
Size

4.1MB
Sample

221005-ycsfmsfdb4
MD5

7f258ba45a71aee9922e8c22582e5918
SHA1

23df746dfd5ec27cdd48509575b180a6657fab53
SHA256

e28eadbd79593134a0e96645f371e36d176a94023d7c099e8ee27484ae2ec41f
SHA512

ce3b73cd4dc2eda607846e83f8ba4acd74f4d624df65f7438163419f4b5d604e546dd50e234b63f38167a75263883b9cb1ca841d8ef3c06d13b74bda7feadddc
SSDEEP

98304:rgwjz3m4ZGm9HGiitygrEWAGkpOLIJpzqJme2eDxAa:Mwjz3m4ZGG0ygrtAaAqDnxAa

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

e28eadbd79593134a0e96645f371e36d176a94023d7c099e8ee27484ae2ec41f.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  e28eadbd79593134a0e96645f371e36d176a94023d7c099e8ee27484ae2ec41f
- Size
  
  4.1MB
- MD5
  
  7f258ba45a71aee9922e8c22582e5918
- SHA1
  
  23df746dfd5ec27cdd48509575b180a6657fab53
- SHA256
  
  e28eadbd79593134a0e96645f371e36d176a94023d7c099e8ee27484ae2ec41f
- SHA512
  
  ce3b73cd4dc2eda607846e83f8ba4acd74f4d624df65f7438163419f4b5d604e546dd50e234b63f38167a75263883b9cb1ca841d8ef3c06d13b74bda7feadddc
- SSDEEP
  
  98304:rgwjz3m4ZGm9HGiitygrEWAGkpOLIJpzqJme2eDxAa:Mwjz3m4ZGG0ygrtAaAqDnxAa
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy