glupteba | 128aede417aaef0eb82551c65333eeccb2664c036b98293cd4202fe056a21df9 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

128aede417aaef0eb82551c65333eeccb2664c036b98293cd4202fe056a21df9
Size

4.0MB
Sample

221129-q279dseb86
MD5

72b378c72d0fc9176c96a69d4ea7a965
SHA1

34985a7b6a36b45ea74744e9edaec3866bb9731d
SHA256

128aede417aaef0eb82551c65333eeccb2664c036b98293cd4202fe056a21df9
SHA512

3348754817a631c8839be0662ea60b7e5b9f928352b3f0bd7419e59c1b6ec21d329ac44f7522b5583f92d1f063dd4c48eeb5f67b3bac145c0dc5189f89ec06bf
SSDEEP

98304:sr5WBbM4/UgykGxAEmn40zHMO2hC5J7yOhyeFPcpoXqAN1ZXmGpk:sr56MRgykG1c4wUhC55yOTxcpTeZXrS

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

128aede417aaef0eb82551c65333eeccb2664c036b98293cd4202fe056a21df9.exe

Resource

win10v2004-20221111-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  128aede417aaef0eb82551c65333eeccb2664c036b98293cd4202fe056a21df9
- Size
  
  4.0MB
- MD5
  
  72b378c72d0fc9176c96a69d4ea7a965
- SHA1
  
  34985a7b6a36b45ea74744e9edaec3866bb9731d
- SHA256
  
  128aede417aaef0eb82551c65333eeccb2664c036b98293cd4202fe056a21df9
- SHA512
  
  3348754817a631c8839be0662ea60b7e5b9f928352b3f0bd7419e59c1b6ec21d329ac44f7522b5583f92d1f063dd4c48eeb5f67b3bac145c0dc5189f89ec06bf
- SSDEEP
  
  98304:sr5WBbM4/UgykGxAEmn40zHMO2hC5J7yOhyeFPcpoXqAN1ZXmGpk:sr56MRgykG1c4wUhC55yOTxcpTeZXrS
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy