General

  • Target

    74d478e0e2a6b8e5bb75d912cf1f368e8a02c529d42188ca02a2584bd7d49cd7

  • Size

    4.1MB

  • Sample

    221008-t1cymsfac2

  • MD5

    0687f86fe6fe9f69bb9463feac238794

  • SHA1

    6b3cd07a8f6c6b700d5c95d3ad356bbbd45f46e4

  • SHA256

    74d478e0e2a6b8e5bb75d912cf1f368e8a02c529d42188ca02a2584bd7d49cd7

  • SHA512

    0f58115384f8aaba9489e8a584909a39072f1de03e3e472a8f548cdf9f16a43bddce14f3387f194931c620fcd6224b5864cb71402495d156f0749b07ae3e9b58

  • SSDEEP

    98304:cqBIl7aLbuCSom9o2pziWyhwPYxNlrr/scyw4bp:zc72uhogTziKAHlnyXp
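Added example (not part of the report): a small Python helper that recomputes the four digests listed above for a candidate file, checks the listed values are well-formed before they are pasted into a blocklist, and parses the SSDEEP signature to tell whether a comparison against another fuzzy hash can score at all. The function names (`digest_all`, `match_report`, `parse_ssdeep`, `ssdeep_comparable`) are this example's own; the hash values are copied from the report.

```python
import hashlib
import re

# Digests exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "0687f86fe6fe9f69bb9463feac238794",
    "sha1": "6b3cd07a8f6c6b700d5c95d3ad356bbbd45f46e4",
    "sha256": "74d478e0e2a6b8e5bb75d912cf1f368e8a02c529d42188ca02a2584bd7d49cd7",
    "sha512": "0f58115384f8aaba9489e8a584909a39072f1de03e3e472a8f548cdf9f16a43bd"
              "dce14f3387f194931c620fcd6224b5864cb71402495d156f0749b07ae3e9b58",
}
REPORT_SSDEEP = "98304:cqBIl7aLbuCSom9o2pziWyhwPYxNlrr/scyw4bp:zc72uhogTziKAHlnyXp"

# Expected hex length of each digest; used both for validation and as the algorithm list.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def digest_all(data: bytes) -> dict:
    """Compute every digest the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LEN}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digest_all but streams a file (the sample is 4.1MB) in 1 MiB chunks."""
    hashers = {name: hashlib.new(name) for name in HEX_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def validate_ioc_set(iocs: dict) -> list:
    """Return (algorithm, reason) for every entry that cannot be a valid digest.

    A truncated or mistyped hash silently matches nothing, so check shape first.
    """
    problems = []
    for name, want in HEX_LEN.items():
        value = iocs.get(name)
        if value is None:
            problems.append((name, "missing"))
        elif not re.fullmatch(r"[0-9a-f]{%d}" % want, value.lower()):
            problems.append((name, f"expected {want} hex chars, got {len(value)}"))
    return problems


def match_report(data: bytes, iocs: dict = REPORT_HASHES) -> dict:
    """Compare a candidate file's digests against the report; one bool per algorithm."""
    got = digest_all(data)
    return {name: got[name] == iocs[name].lower() for name in iocs}


def parse_ssdeep(sig: str) -> tuple:
    """Split a CTPH signature into (block_size, chunk, double_chunk).

    Any trailing ',"filename"' that ssdeep -l emits stays attached to double_chunk.
    """
    block, chunk, dchunk = sig.split(":", 2)
    return int(block), chunk, dchunk


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep only scores two signatures whose block sizes are equal or differ by 2x.

    With block size 98304 the report's signature can be scored against 49152, 98304
    or 196608 only; anything else yields 0 regardless of content.
    """
    a = parse_ssdeep(sig_a)[0]
    b = parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a
```

`hash_file` is the one to run on the real sample; `digest_all` exists so the same logic can be exercised on in-memory bytes. The block-size check is the reason a fuzzy-hash hunt for a 4 MB Go binary should be run against samples of comparable size rather than across an entire corpus.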

Malware Config

Targets

    • Target

      74d478e0e2a6b8e5bb75d912cf1f368e8a02c529d42188ca02a2584bd7d49cd7

    • Size

      4.1MB

    • MD5

      0687f86fe6fe9f69bb9463feac238794

    • SHA1

      6b3cd07a8f6c6b700d5c95d3ad356bbbd45f46e4

    • SHA256

      74d478e0e2a6b8e5bb75d912cf1f368e8a02c529d42188ca02a2584bd7d49cd7

    • SHA512

      0f58115384f8aaba9489e8a584909a39072f1de03e3e472a8f548cdf9f16a43bddce14f3387f194931c620fcd6224b5864cb71402495d156f0749b07ae3e9b58

    • SSDEEP

      98304:cqBIl7aLbuCSom9o2pziWyhwPYxNlrr/scyw4bp:zc72uhogTziKAHlnyXp

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
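Added example (not the sandbox's own signature code): three of the behaviours above are registry operations, so they can be re-derived from an API trace. The Python below classifies constructed trace lines against the Run key, the Uninstall key and the Windows Firewall policy key, labels each hit with the signature name from this report, and counts distinct signatures per technique the way the matrix further down does. The line format (`pid= api= key= value= data=`), the process and file names in the trace, and the pairing of each signature with a technique ID are this example's assumptions; the IDs themselves are the ATT&CK v6 IDs the report lists.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Rules: (signature name from the report, ATT&CK v6 ID from the report's matrix,
# registry APIs that count, key-path pattern). Matching is case-insensitive and
# prefix-agnostic so HKLM/HKCU and WOW6432Node variants are all caught.
RULES = [
    ("Adds Run key to start application", "T1060",
     {"RegSetValueExW", "RegSetValueExA"},
     re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?(?:\\|$)", re.I)),
    ("Checks installed software on the system", "T1012",
     {"RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"},
     re.compile(r"\\microsoft\\windows\\currentversion\\uninstall(?:\\|$)", re.I)),
    ("Modifies Windows Firewall", "T1112",
     {"RegSetValueExW", "RegSetValueExA"},
     re.compile(r"\\services\\sharedaccess\\parameters\\firewallpolicy", re.I)),
]

# Constructed trace in a key=value / key="quoted value" form; not taken from the report.
SAMPLE_TRACE = [
    r'pid=4120 api=RegSetValueExW key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" value="updater" data="C:\ProgramData\update\svc.exe"',
    r'pid=4120 api=RegOpenKeyExW key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"',
    r'pid=4120 api=RegEnumKeyExW key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"',
    r'pid=4120 api=RegSetValueExW key="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" value="EnableFirewall" data="0"',
    r'pid=4120 api=RegOpenKeyExW key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"',
    r'pid=4120 api=RegSetValueExW key="HKEY_CURRENT_USER\SOFTWARE\Vendor\App" value="LastRun" data="1"',
]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Hit:
    signature: str
    technique: str
    pid: str
    key: str
    value: Optional[str]


def parse_line(line: str) -> dict:
    """Turn one trace line into a dict; quoted values may contain spaces."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def classify(lines) -> list:
    """Apply every rule to every line; a line may fire more than one rule."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        api, key = ev.get("api", ""), ev.get("key", "")
        for signature, technique, ops, pattern in RULES:
            if api in ops and pattern.search(key):
                hits.append(Hit(signature, technique, ev.get("pid", "?"), key, ev.get("value")))
    return hits


def matrix_counts(hits) -> dict:
    """Count distinct signatures per technique, which is what the matrix cells show."""
    seen = {}
    for h in hits:
        seen.setdefault(h.technique, set()).add(h.signature)
    return {technique: len(sigs) for technique, sigs in seen.items()}


if __name__ == "__main__":
    for h in classify(SAMPLE_TRACE):
        print(f"{h.technique} {h.signature}: pid {h.pid} {h.key} value={h.value}")
    print(matrix_counts(classify(SAMPLE_TRACE)))
```

Note that a plain RegOpenKeyExW on the Run key (line 5) does not fire: reading an autostart location is ordinary behaviour, writing to it is the persistence signal. Likewise the Uninstall enumeration fires once per technique even though two API calls touched the key, matching the "1" in the matrix rather than the raw event count.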

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                             ID     Signatures
  Execution             Scheduled Task                        T1053  1
  Persistence           Modify Existing Service               T1031  1
  Persistence           Registry Run Keys / Startup Folder    T1060  1
  Persistence           Scheduled Task                        T1053  1
  Privilege Escalation  Scheduled Task                        T1053  1
  Defense Evasion       Modify Registry                       T1112  1
  Discovery             Query Registry                        T1012  1
  Discovery             System Information Discovery          T1082  1

  The IDs are ATT&CK v6. In current ATT&CK, T1060 corresponds to T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), T1031 to T1543.003 (Create or Modify System Process: Windows Service) and T1053 to the T1053.005 sub-technique (Scheduled Task); T1112, T1012 and T1082 are unchanged.

Tasks