glupteba | 53814991c2eb7e2d133e76deb945430d2897a10ee57cd4206d9db26dd965f3b3 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

53814991c2eb7e2d133e76deb945430d2897a10ee57cd4206d9db26dd965f3b3
Size

4.0MB
Sample

221123-mn29fahg8w
MD5

2af60c6254292a2b06351158bd410039
SHA1

0eecbfdd54446bb5a72cc5d44f6fba72e9136956
SHA256

53814991c2eb7e2d133e76deb945430d2897a10ee57cd4206d9db26dd965f3b3
SHA512

7c2e09b21e2e7a3d7a75afc80ed26ff35a848ab75bde58fcc31700d585be47f8ec958a925981ba87f5ee3e977e945084b694a01f393a1f0bc103223edcef0ae6
SSDEEP

98304:McDXKBRbg3XxsTDOLpj6PS/9PquUKFlVdEZfNCReqeVs6iBaYN:MxXbg2TD4ZPTl86eVOt

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

53814991c2eb7e2d133e76deb945430d2897a10ee57cd4206d9db26dd965f3b3.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  53814991c2eb7e2d133e76deb945430d2897a10ee57cd4206d9db26dd965f3b3
- Size
  
  4.0MB
- MD5
  
  2af60c6254292a2b06351158bd410039
- SHA1
  
  0eecbfdd54446bb5a72cc5d44f6fba72e9136956
- SHA256
  
  53814991c2eb7e2d133e76deb945430d2897a10ee57cd4206d9db26dd965f3b3
- SHA512
  
  7c2e09b21e2e7a3d7a75afc80ed26ff35a848ab75bde58fcc31700d585be47f8ec958a925981ba87f5ee3e977e945084b694a01f393a1f0bc103223edcef0ae6
- SSDEEP
  
  98304:McDXKBRbg3XxsTDOLpj6PS/9PquUKFlVdEZfNCReqeVs6iBaYN:MxXbg2TD4ZPTl86eVOt
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy