General

  • Target

    ba1bbb09607c3e46fdd0a2080b1c22c46acd4d1d89ef3fe3d1ff035912f30ce9

  • Size

    4.0MB

  • Sample

    221123-hv96eaee29

  • MD5

    ed53ae51b8b91b1426b7d2d2becc83cb

  • SHA1

    c98a45f335b05a2fbb5cb365c34cdc69e9260065

  • SHA256

    ba1bbb09607c3e46fdd0a2080b1c22c46acd4d1d89ef3fe3d1ff035912f30ce9

  • SHA512

    f12ee689c7fbdd62b30c82c3a7a3de4d6c5a6713ed1ccbcb85170de349babf82dcdf8bba8663b3de0915c594e210f502c234f2837d8ab0a6407bcd7d7c78e636

  • SSDEEP

    49152:krcFzL+mdliQAPs47oLkkU9uTV1cEop+RjIB9t1ZiDkLiY2MdRJkCsMcMSeZYgxx:qiL+mzAj92V1FVYLZEidjiMRfKgxj24

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks