glupteba | 651c502d976bae4b0bbe40fa7198e1f5f286c64870c842d97312ea837754f001 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

651c502d976bae4b0bbe40fa7198e1f5f286c64870c842d97312ea837754f001
Size

4.2MB
Sample

221012-g6jxxscfh8
MD5

a6b6a83efe363a24a177ad2ecfdad04b
SHA1

c9eed6963b58ad0f731c9f54ff605d0d4cd9162e
SHA256

651c502d976bae4b0bbe40fa7198e1f5f286c64870c842d97312ea837754f001
SHA512

2f0aee234308b62adb8657eb7ecda69d98d2a6f8630e36a68ce2182243563e9c0646d5330969437ad45c5613998e30e49ea9a5d6994e2c9b248d8f83724e9c35
SSDEEP

98304:cQp30HOnxqh6zFKV4lrMpqoYsJAL0y6nCB6q8Ve:P+h6hKGrM0RsKL0ye4b8Ve

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

651c502d976bae4b0bbe40fa7198e1f5f286c64870c842d97312ea837754f001.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  651c502d976bae4b0bbe40fa7198e1f5f286c64870c842d97312ea837754f001
- Size
  
  4.2MB
- MD5
  
  a6b6a83efe363a24a177ad2ecfdad04b
- SHA1
  
  c9eed6963b58ad0f731c9f54ff605d0d4cd9162e
- SHA256
  
  651c502d976bae4b0bbe40fa7198e1f5f286c64870c842d97312ea837754f001
- SHA512
  
  2f0aee234308b62adb8657eb7ecda69d98d2a6f8630e36a68ce2182243563e9c0646d5330969437ad45c5613998e30e49ea9a5d6994e2c9b248d8f83724e9c35
- SSDEEP
  
  98304:cQp30HOnxqh6zFKV4lrMpqoYsJAL0y6nCB6q8Ve:P+h6hKGrM0RsKL0ye4b8Ve
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy