glupteba | 3b48c63684f4d02c772fea2354b1503dcabb97917ff3fc33b2abb31e39231e36 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

3b48c63684f4d02c772fea2354b1503dcabb97917ff3fc33b2abb31e39231e36
Size

4.0MB
Sample

221126-v4pbhsbg36
MD5

e4576df59853fcbdabd419702d680ee2
SHA1

5d900fe987f125b9ac11c0228fcdc36940d83a4e
SHA256

3b48c63684f4d02c772fea2354b1503dcabb97917ff3fc33b2abb31e39231e36
SHA512

8bdbb24e130ad42b9d144894660855c6ac08b135738e22bc4b98dc9329c8c390e07fc84d4809523eb980b46ecc4308114a83f9b2450fd01f2a932aa661cd836f
SSDEEP

98304:v2U4WkBTpP/ywB+5DVywNsrTrSnEA3A/W0kYOkq3aJlk:va3BBaw85D8wQut37/dn38k

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

3b48c63684f4d02c772fea2354b1503dcabb97917ff3fc33b2abb31e39231e36.exe

Resource

win10v2004-20221111-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  3b48c63684f4d02c772fea2354b1503dcabb97917ff3fc33b2abb31e39231e36
- Size
  
  4.0MB
- MD5
  
  e4576df59853fcbdabd419702d680ee2
- SHA1
  
  5d900fe987f125b9ac11c0228fcdc36940d83a4e
- SHA256
  
  3b48c63684f4d02c772fea2354b1503dcabb97917ff3fc33b2abb31e39231e36
- SHA512
  
  8bdbb24e130ad42b9d144894660855c6ac08b135738e22bc4b98dc9329c8c390e07fc84d4809523eb980b46ecc4308114a83f9b2450fd01f2a932aa661cd836f
- SSDEEP
  
  98304:v2U4WkBTpP/ywB+5DVywNsrTrSnEA3A/W0kYOkq3aJlk:va3BBaw85D8wQut37/dn38k
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy