glupteba | 039ad05f6bd67d5c4ddd7f73b26774af4f1a62bf3544cc530133b970f3bddc51 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

039ad05f6bd67d5c4ddd7f73b26774af4f1a62bf3544cc530133b970f3bddc51
Size

4.0MB
Sample

221130-2ee5waba89
MD5

32bd21beaa20de9cdf41be50c5943e8b
SHA1

9f1f0a85f1185d503eb3586149d95a347d0401bc
SHA256

039ad05f6bd67d5c4ddd7f73b26774af4f1a62bf3544cc530133b970f3bddc51
SHA512

769ce78dc020163633a0514310a96efb056e341808faea3d24ecb7d01a4fe8fe3dbc42d42d32a1b399a9506a949b6148d7040c4edccf9b34b6a9a5f275e757d2
SSDEEP

98304:s+KQV8p0ww2h2lE1N9xrmeDfhN3a0IXDfB2OEG4GX3O8XwFKGac0:j8p0ww2hYk9xrmebhN3a0ITZYWW3aV

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

039ad05f6bd67d5c4ddd7f73b26774af4f1a62bf3544cc530133b970f3bddc51.exe

Resource

win10v2004-20220901-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  039ad05f6bd67d5c4ddd7f73b26774af4f1a62bf3544cc530133b970f3bddc51
- Size
  
  4.0MB
- MD5
  
  32bd21beaa20de9cdf41be50c5943e8b
- SHA1
  
  9f1f0a85f1185d503eb3586149d95a347d0401bc
- SHA256
  
  039ad05f6bd67d5c4ddd7f73b26774af4f1a62bf3544cc530133b970f3bddc51
- SHA512
  
  769ce78dc020163633a0514310a96efb056e341808faea3d24ecb7d01a4fe8fe3dbc42d42d32a1b399a9506a949b6148d7040c4edccf9b34b6a9a5f275e757d2
- SSDEEP
  
  98304:s+KQV8p0ww2h2lE1N9xrmeDfhN3a0IXDfB2OEG4GX3O8XwFKGac0:j8p0ww2hYk9xrmebhN3a0ITZYWW3aV
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy