Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    94e664bf0900cbee10ff9a8a014146713c9a9534969d7c2d32c35d6d44172a28

  • Size

    4.0MB

  • Sample

    221201-j5fj8aaa85

  • MD5

    47a8a5bb877055edd0a38e66aca3bbce

  • SHA1

    f4de6b8d24c44b500a528613a49b124d4594ccad

  • SHA256

    94e664bf0900cbee10ff9a8a014146713c9a9534969d7c2d32c35d6d44172a28

  • SHA512

    b28382156a2f17e3c44d896e9bcb36bd40f5932fd3dc039389311b4700980ab4ba769e824f47f4826c35cc30d8799d1a484433b37cb0707b1b32f42807602963

  • SSDEEP

    98304:hoAWptSMcOpQAYw9jjKLF3d0f1csFgJEsrVW5MC6:hoAWnnlB9Xot2srVgM7

Score
10/10
gluptebadiscoverydropperevasionloaderpersistence

Malware Config

Targets

    • Target

      94e664bf0900cbee10ff9a8a014146713c9a9534969d7c2d32c35d6d44172a28

    • Size

      4.0MB

    • MD5

      47a8a5bb877055edd0a38e66aca3bbce

    • SHA1

      f4de6b8d24c44b500a528613a49b124d4594ccad

    • SHA256

      94e664bf0900cbee10ff9a8a014146713c9a9534969d7c2d32c35d6d44172a28

    • SHA512

      b28382156a2f17e3c44d896e9bcb36bd40f5932fd3dc039389311b4700980ab4ba769e824f47f4826c35cc30d8799d1a484433b37cb0707b1b32f42807602963

    • SSDEEP

      98304:hoAWptSMcOpQAYw9jjKLF3d0f1csFgJEsrVW5MC6:hoAWnnlB9Xot2srVgM7

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistence

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks