glupteba | 8ab6014dffcab59a47780578dc8f3b06c36f68e618eb443ceea1ca70b9923845 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

8ab6014dffcab59a47780578dc8f3b06c36f68e618eb443ceea1ca70b9923845
Size

4.1MB
Sample

221009-cmb1ragbb4
MD5

4d496d6b2823af81c91e50092da29333
SHA1

edbdf93b059c051bb65b1289ecdc2ee8eee02916
SHA256

8ab6014dffcab59a47780578dc8f3b06c36f68e618eb443ceea1ca70b9923845
SHA512

ff78a363d5b6f53e8aa7ce42f60a648596aa8433a4cc0fcbecb721a957bd0f187246e82e8c84529b96b04929573e8eab085ccf8814da71c8c6e56b7ff6a91f42
SSDEEP

98304:uYihGjFuRUho4klWuEnfuFxbs/RBovcN2flXlu:XihGERUSIumuFq/RBovY2NXY

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

8ab6014dffcab59a47780578dc8f3b06c36f68e618eb443ceea1ca70b9923845.exe

Resource

win10v2004-20220901-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  8ab6014dffcab59a47780578dc8f3b06c36f68e618eb443ceea1ca70b9923845
- Size
  
  4.1MB
- MD5
  
  4d496d6b2823af81c91e50092da29333
- SHA1
  
  edbdf93b059c051bb65b1289ecdc2ee8eee02916
- SHA256
  
  8ab6014dffcab59a47780578dc8f3b06c36f68e618eb443ceea1ca70b9923845
- SHA512
  
  ff78a363d5b6f53e8aa7ce42f60a648596aa8433a4cc0fcbecb721a957bd0f187246e82e8c84529b96b04929573e8eab085ccf8814da71c8c6e56b7ff6a91f42
- SSDEEP
  
  98304:uYihGjFuRUho4klWuEnfuFxbs/RBovcN2flXlu:XihGERUSIumuFq/RBovY2NXY
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy