glupteba | 7e1560ac33a0fc6b72d8da5165d91f26e4d985b1f3f4c4aab3d8fc8c1145ec7e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

7e1560ac33a0fc6b72d8da5165d91f26e4d985b1f3f4c4aab3d8fc8c1145ec7e
Size

4.0MB
Sample

221125-j5devsge9x
MD5

409b92ac2b94abb612c57682f39b8c7e
SHA1

71a8a02d9078afd68d4d2a496f11c3afd211c6ee
SHA256

7e1560ac33a0fc6b72d8da5165d91f26e4d985b1f3f4c4aab3d8fc8c1145ec7e
SHA512

4321ecf5f236feb8a7b7b25471998040e3295a220baba3b5bd27904175b215d7903bb727dc2cd3c20613b296373162f873c1d2aa597605bf3f0390f1dbdb5b6b
SSDEEP

49152:MmwXxULQsvniqNZGqkBVgpYtsjRxG1dkEBbDJtvF74DVXeooshAq0eWckWaF01UG:Ny2LX3NZGftv5BbDzCwJLdeRaF0yByjH

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

7e1560ac33a0fc6b72d8da5165d91f26e4d985b1f3f4c4aab3d8fc8c1145ec7e.exe

Resource

win10-20220901-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  7e1560ac33a0fc6b72d8da5165d91f26e4d985b1f3f4c4aab3d8fc8c1145ec7e
- Size
  
  4.0MB
- MD5
  
  409b92ac2b94abb612c57682f39b8c7e
- SHA1
  
  71a8a02d9078afd68d4d2a496f11c3afd211c6ee
- SHA256
  
  7e1560ac33a0fc6b72d8da5165d91f26e4d985b1f3f4c4aab3d8fc8c1145ec7e
- SHA512
  
  4321ecf5f236feb8a7b7b25471998040e3295a220baba3b5bd27904175b215d7903bb727dc2cd3c20613b296373162f873c1d2aa597605bf3f0390f1dbdb5b6b
- SSDEEP
  
  49152:MmwXxULQsvniqNZGqkBVgpYtsjRxG1dkEBbDJtvF74DVXeooshAq0eWckWaF01UG:Ny2LX3NZGftv5BbDzCwJLdeRaF0yByjH
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy