glupteba | 6c1e25e272c5cff861ac913e476af935d9cc5d9d208e21379cb9fbbfbb8663ae | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

6c1e25e272c5cff861ac913e476af935d9cc5d9d208e21379cb9fbbfbb8663ae
Size

4.1MB
Sample

221010-hz6c1sahf5
MD5

29b5ab35779d4341bb7680d86e112d11
SHA1

055f46cc24bc2747c1c3759d3848cfc39d5c9cdc
SHA256

6c1e25e272c5cff861ac913e476af935d9cc5d9d208e21379cb9fbbfbb8663ae
SHA512

23ae427e846f02098c3964a3a5a8d739c57d212b791c2da123d99a0e3460cc08220d79c4be309c49bca88e339982cfad52b45ea1ff9c3f96a317389e4cc2ec79
SSDEEP

98304:5s7gKX7TOVDCYYQqfJFtPT3cICvP64a1vG:i0I7aF9YRfJFtL32Kq

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

6c1e25e272c5cff861ac913e476af935d9cc5d9d208e21379cb9fbbfbb8663ae.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  6c1e25e272c5cff861ac913e476af935d9cc5d9d208e21379cb9fbbfbb8663ae
- Size
  
  4.1MB
- MD5
  
  29b5ab35779d4341bb7680d86e112d11
- SHA1
  
  055f46cc24bc2747c1c3759d3848cfc39d5c9cdc
- SHA256
  
  6c1e25e272c5cff861ac913e476af935d9cc5d9d208e21379cb9fbbfbb8663ae
- SHA512
  
  23ae427e846f02098c3964a3a5a8d739c57d212b791c2da123d99a0e3460cc08220d79c4be309c49bca88e339982cfad52b45ea1ff9c3f96a317389e4cc2ec79
- SSDEEP
  
  98304:5s7gKX7TOVDCYYQqfJFtPT3cICvP64a1vG:i0I7aF9YRfJFtL32Kq
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy