glupteba | 84c7ffca71b5a1904e56d2b9b86da047a010ed9bfdbf7e552cdbe235fd8b16ec | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

84c7ffca71b5a1904e56d2b9b86da047a010ed9bfdbf7e552cdbe235fd8b16ec
Size

4.0MB
Sample

221121-31hzbsfe9w
MD5

f0c4941fd800bc3889efb1c0479a7aac
SHA1

54f4897a0c50b3328461f5886e0f3fe5a8c0bd49
SHA256

84c7ffca71b5a1904e56d2b9b86da047a010ed9bfdbf7e552cdbe235fd8b16ec
SHA512

02bae932ef6e54f0c7d50c862cd88a2b8e7686fcaf07a8912a30d6235b42eee3a87867a5a8e8b5d2dcfa49b7c4a0a4970c8458df731eedc95bce3ba2b13c36d6
SSDEEP

98304:loN1DDQCzD8nqYTMWMIoZDiEn83C/vhEOec3u7yYQkS:loLQCzD8nZTMWM7ZG3C/vhEOnsyYQn

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

84c7ffca71b5a1904e56d2b9b86da047a010ed9bfdbf7e552cdbe235fd8b16ec.exe

Resource

win10v2004-20221111-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  84c7ffca71b5a1904e56d2b9b86da047a010ed9bfdbf7e552cdbe235fd8b16ec
- Size
  
  4.0MB
- MD5
  
  f0c4941fd800bc3889efb1c0479a7aac
- SHA1
  
  54f4897a0c50b3328461f5886e0f3fe5a8c0bd49
- SHA256
  
  84c7ffca71b5a1904e56d2b9b86da047a010ed9bfdbf7e552cdbe235fd8b16ec
- SHA512
  
  02bae932ef6e54f0c7d50c862cd88a2b8e7686fcaf07a8912a30d6235b42eee3a87867a5a8e8b5d2dcfa49b7c4a0a4970c8458df731eedc95bce3ba2b13c36d6
- SSDEEP
  
  98304:loN1DDQCzD8nqYTMWMIoZDiEn83C/vhEOec3u7yYQkS:loLQCzD8nZTMWM7ZG3C/vhEOnsyYQn
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2025

Terms | Privacy