glupteba | 615c6b4f5c08b24f9edfb8245d2567c34e8dbba871aeee852d0c8e1c908cd790 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

615c6b4f5c08b24f9edfb8245d2567c34e8dbba871aeee852d0c8e1c908cd790
Size

4.0MB
Sample

221126-j9wf8see92
MD5

1b234f859e1f5686d7d0f30d9a9b8f19
SHA1

a6a2b1d513f4991ab15de32cb8eaf786793d59ce
SHA256

615c6b4f5c08b24f9edfb8245d2567c34e8dbba871aeee852d0c8e1c908cd790
SHA512

8c9c1e7c6d92396720453bdc89e385a5811e31e42bf3260afe35008b1b366537b7aa34e90e520f08d2616e280fbaac91d74d431e70841b4c9356450d0731b625
SSDEEP

98304:VuVF60Srz2rPGQHrQa8uJy4+ZEEAopZ7PGOBKOOmcdOiQXMtWOKlq3z:VoXIG5ry0y4+ZE0Z7tBYOaWOKoj

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

615c6b4f5c08b24f9edfb8245d2567c34e8dbba871aeee852d0c8e1c908cd790.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  615c6b4f5c08b24f9edfb8245d2567c34e8dbba871aeee852d0c8e1c908cd790
- Size
  
  4.0MB
- MD5
  
  1b234f859e1f5686d7d0f30d9a9b8f19
- SHA1
  
  a6a2b1d513f4991ab15de32cb8eaf786793d59ce
- SHA256
  
  615c6b4f5c08b24f9edfb8245d2567c34e8dbba871aeee852d0c8e1c908cd790
- SHA512
  
  8c9c1e7c6d92396720453bdc89e385a5811e31e42bf3260afe35008b1b366537b7aa34e90e520f08d2616e280fbaac91d74d431e70841b4c9356450d0731b625
- SSDEEP
  
  98304:VuVF60Srz2rPGQHrQa8uJy4+ZEEAopZ7PGOBKOOmcdOiQXMtWOKlq3z:VoXIG5ry0y4+ZE0Z7tBYOaWOKoj
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy