glupteba | ffd369555e74df453345aa1fd4b20c400d25d248d69474f1a4f7ad4c68858060 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

ffd369555e74df453345aa1fd4b20c400d25d248d69474f1a4f7ad4c68858060
Size

4.1MB
Sample

221009-p6grkahbdp
MD5

4e0d3da3241f86736c607f9804df930c
SHA1

70c61a23d38c204e94cab31ff2e18fe98353ed9b
SHA256

ffd369555e74df453345aa1fd4b20c400d25d248d69474f1a4f7ad4c68858060
SHA512

65133cbf1a21440541ff06acf54126203f8b9cae98378f0687ab66e23f7a781c938950f02500b7bb0cf05afb80e8a5907df59091c2a9b2de4c574a8dedd350b5
SSDEEP

98304:TddLOTeLcbnpUQEIRj4p+d9B87jxcjHQZyxOPg:BDcbq9IKwY6HQZ7g

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ffd369555e74df453345aa1fd4b20c400d25d248d69474f1a4f7ad4c68858060.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  ffd369555e74df453345aa1fd4b20c400d25d248d69474f1a4f7ad4c68858060
- Size
  
  4.1MB
- MD5
  
  4e0d3da3241f86736c607f9804df930c
- SHA1
  
  70c61a23d38c204e94cab31ff2e18fe98353ed9b
- SHA256
  
  ffd369555e74df453345aa1fd4b20c400d25d248d69474f1a4f7ad4c68858060
- SHA512
  
  65133cbf1a21440541ff06acf54126203f8b9cae98378f0687ab66e23f7a781c938950f02500b7bb0cf05afb80e8a5907df59091c2a9b2de4c574a8dedd350b5
- SSDEEP
  
  98304:TddLOTeLcbnpUQEIRj4p+d9B87jxcjHQZyxOPg:BDcbq9IKwY6HQZ7g
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy