glupteba | 6e1ce5d507dd15e6c7136fd245f9357d3a436540c37c428127b83ad5bdb82564 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

6e1ce5d507dd15e6c7136fd245f9357d3a436540c37c428127b83ad5bdb82564
Size

4.0MB
Sample

221130-x6vbnabg8x
MD5

f0446eb20e982dab23e3a7e980c22134
SHA1

d28e7ff9e0eb40124713c925975b6e1bc87089ef
SHA256

6e1ce5d507dd15e6c7136fd245f9357d3a436540c37c428127b83ad5bdb82564
SHA512

9937ef501e43c92242c5089bb713358809bf7f1520073d1f04730c23d19f0033f6cf4279f9fef6688d6412943bd2b440c4b91828d29a4a42ab33f494366ffd30
SSDEEP

98304:r9oyhMKUHEin9692umpfwgbzzmwOVK2wvVML/:Z1MKGu6zmjK1WD

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

6e1ce5d507dd15e6c7136fd245f9357d3a436540c37c428127b83ad5bdb82564.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  6e1ce5d507dd15e6c7136fd245f9357d3a436540c37c428127b83ad5bdb82564
- Size
  
  4.0MB
- MD5
  
  f0446eb20e982dab23e3a7e980c22134
- SHA1
  
  d28e7ff9e0eb40124713c925975b6e1bc87089ef
- SHA256
  
  6e1ce5d507dd15e6c7136fd245f9357d3a436540c37c428127b83ad5bdb82564
- SHA512
  
  9937ef501e43c92242c5089bb713358809bf7f1520073d1f04730c23d19f0033f6cf4279f9fef6688d6412943bd2b440c4b91828d29a4a42ab33f494366ffd30
- SSDEEP
  
  98304:r9oyhMKUHEin9692umpfwgbzzmwOVK2wvVML/:Z1MKGu6zmjK1WD
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy