glupteba | 5750d047eaa77dbaf98922f2348310d470439485473611d9113280812138af44 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

5750d047eaa77dbaf98922f2348310d470439485473611d9113280812138af44
Size

4.1MB
Sample

221012-m8635addaj
MD5

dae4dc01d1b8f82338dd1136f65e345c
SHA1

575a763ca450ea42c6eb747184fa6c31edbd69dc
SHA256

5750d047eaa77dbaf98922f2348310d470439485473611d9113280812138af44
SHA512

497341569ee82999e4052956fb8f9613ac59cc3f5ba604644402b1d33e87b0772de94adb2389cd0f39fd4e54ddaca3f9eb55578e4ccc7f89aa1423bb3cb5310f
SSDEEP

98304:wCxJLoGmMJh/lZp8get1AOD1NCESdLoMOh2vj11trBuFwf1rU:pxBoF6htS1A0CbnW2r3yFwfdU

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

5750d047eaa77dbaf98922f2348310d470439485473611d9113280812138af44.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  5750d047eaa77dbaf98922f2348310d470439485473611d9113280812138af44
- Size
  
  4.1MB
- MD5
  
  dae4dc01d1b8f82338dd1136f65e345c
- SHA1
  
  575a763ca450ea42c6eb747184fa6c31edbd69dc
- SHA256
  
  5750d047eaa77dbaf98922f2348310d470439485473611d9113280812138af44
- SHA512
  
  497341569ee82999e4052956fb8f9613ac59cc3f5ba604644402b1d33e87b0772de94adb2389cd0f39fd4e54ddaca3f9eb55578e4ccc7f89aa1423bb3cb5310f
- SSDEEP
  
  98304:wCxJLoGmMJh/lZp8get1AOD1NCESdLoMOh2vj11trBuFwf1rU:pxBoF6htS1A0CbnW2r3yFwfdU
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy