glupteba | b7ec7fff5c5fc8a564205bef07b8f60aecda73933927dd18f345ccec133f99f2 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

b7ec7fff5c5fc8a564205bef07b8f60aecda73933927dd18f345ccec133f99f2
Size

4.1MB
Sample

221129-f5w1eshh52
MD5

eeaacc5d8800cad9ac19519efea555bd
SHA1

423cf907f447546cecd63fdfb3c7c9d710756676
SHA256

b7ec7fff5c5fc8a564205bef07b8f60aecda73933927dd18f345ccec133f99f2
SHA512

5674688678f8b562fb90a1317a50cff4989f8f01ac794e739a0dc524cf6587563cce46fd2f5146bca1dd3fb217e3bdc3719f0ebacde49824e70c4b3fb8562071
SSDEEP

98304:zMKbOWDfrI4HsNsD3bFRtrhbTfz7dTXvy9R/s15PQX:zM6fuG7DlJflTXks0

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

b7ec7fff5c5fc8a564205bef07b8f60aecda73933927dd18f345ccec133f99f2.exe

Resource

win10v2004-20220901-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  b7ec7fff5c5fc8a564205bef07b8f60aecda73933927dd18f345ccec133f99f2
- Size
  
  4.1MB
- MD5
  
  eeaacc5d8800cad9ac19519efea555bd
- SHA1
  
  423cf907f447546cecd63fdfb3c7c9d710756676
- SHA256
  
  b7ec7fff5c5fc8a564205bef07b8f60aecda73933927dd18f345ccec133f99f2
- SHA512
  
  5674688678f8b562fb90a1317a50cff4989f8f01ac794e739a0dc524cf6587563cce46fd2f5146bca1dd3fb217e3bdc3719f0ebacde49824e70c4b3fb8562071
- SSDEEP
  
  98304:zMKbOWDfrI4HsNsD3bFRtrhbTfz7dTXvy9R/s15PQX:zM6fuG7DlJflTXks0
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy