glupteba | c62ddd1bd09db763ebc48840a588b01cad0ea3a951432472145d659e9b940066 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

c62ddd1bd09db763ebc48840a588b01cad0ea3a951432472145d659e9b940066
Size

4.0MB
Sample

221130-xjp4eshg9s
MD5

ce97c4087eb09ea793539ebe0e2d33dc
SHA1

b9014195565f4dc9386694b466aa3bc4d8bff2aa
SHA256

c62ddd1bd09db763ebc48840a588b01cad0ea3a951432472145d659e9b940066
SHA512

f3bdcaacfd9e775f232f1eda779ae0d9013aa9d47fd35265b3294f107927c9215ad826175505f9c86b76b7b6510b940139e17965e7be4f402f8a10d76dfe484e
SSDEEP

98304:j79B4abaTapF5OZmo0qwrcp8jRx05icqg7Xo:j792abaeH2gqwjVxaYQ4

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

c62ddd1bd09db763ebc48840a588b01cad0ea3a951432472145d659e9b940066.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  c62ddd1bd09db763ebc48840a588b01cad0ea3a951432472145d659e9b940066
- Size
  
  4.0MB
- MD5
  
  ce97c4087eb09ea793539ebe0e2d33dc
- SHA1
  
  b9014195565f4dc9386694b466aa3bc4d8bff2aa
- SHA256
  
  c62ddd1bd09db763ebc48840a588b01cad0ea3a951432472145d659e9b940066
- SHA512
  
  f3bdcaacfd9e775f232f1eda779ae0d9013aa9d47fd35265b3294f107927c9215ad826175505f9c86b76b7b6510b940139e17965e7be4f402f8a10d76dfe484e
- SSDEEP
  
  98304:j79B4abaTapF5OZmo0qwrcp8jRx05icqg7Xo:j792abaeH2gqwjVxaYQ4
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy