glupteba | 329dced78cefd2d9248ca0ca152bbab9b3d3960a364c29006734456aeff6dcf2 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

329dced78cefd2d9248ca0ca152bbab9b3d3960a364c29006734456aeff6dcf2
Size

4.1MB
Sample

221128-vq4t2sfc8t
MD5

c464e274139168d7bfae95efca282d35
SHA1

b515ac098d959a5b0ccab49e612311eccbe89759
SHA256

329dced78cefd2d9248ca0ca152bbab9b3d3960a364c29006734456aeff6dcf2
SHA512

e9e168684c5f4ec5498d92213177e039539b2c19acec4a9257c74e2afe90545efd0ac05eb6e1003879af5598674e408ab08e682a3c60fd3ebc72c823bc31d17c
SSDEEP

98304:i46DDV2dO19M5fEcGk+aSr4oe8Oru22gnmiqr51QOSJucVUuSD7a:i4yDV2dO/zcS4D8t2Bnmi2LcVUucO

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

329dced78cefd2d9248ca0ca152bbab9b3d3960a364c29006734456aeff6dcf2.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  329dced78cefd2d9248ca0ca152bbab9b3d3960a364c29006734456aeff6dcf2
- Size
  
  4.1MB
- MD5
  
  c464e274139168d7bfae95efca282d35
- SHA1
  
  b515ac098d959a5b0ccab49e612311eccbe89759
- SHA256
  
  329dced78cefd2d9248ca0ca152bbab9b3d3960a364c29006734456aeff6dcf2
- SHA512
  
  e9e168684c5f4ec5498d92213177e039539b2c19acec4a9257c74e2afe90545efd0ac05eb6e1003879af5598674e408ab08e682a3c60fd3ebc72c823bc31d17c
- SSDEEP
  
  98304:i46DDV2dO19M5fEcGk+aSr4oe8Oru22gnmiqr51QOSJucVUuSD7a:i4yDV2dO/zcS4D8t2Bnmi2LcVUucO
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy