glupteba | 298b3a0866301e3b240a01f3bbe5a7f819e2cac2caff8b051c2c1c814471d531 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

298b3a0866301e3b240a01f3bbe5a7f819e2cac2caff8b051c2c1c814471d531
Size

4.0MB
Sample

221201-mxkqraec71
MD5

10e235f705e6c29ca58a8cb0212f3af6
SHA1

d42295f64f9283af82458dd0df0b6d5788d66015
SHA256

298b3a0866301e3b240a01f3bbe5a7f819e2cac2caff8b051c2c1c814471d531
SHA512

68e15bb83ca75e45a5db02d9dc9c2954ad0fd1fd0808d92a8984995b9a192408f77950cd71bee7a6896252b8d738d3e6dc245f8ee4bf29b48e8ee3761e0e599b
SSDEEP

98304:EMEUNMAwSi8TA9tCAWu9sTPVt8HqhMgdXm2nGopXYjT3f3:ETUOAni8TAjCAWcUPVt8HtgdrpFYjTf

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

298b3a0866301e3b240a01f3bbe5a7f819e2cac2caff8b051c2c1c814471d531.exe

Resource

win10v2004-20220812-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  298b3a0866301e3b240a01f3bbe5a7f819e2cac2caff8b051c2c1c814471d531
- Size
  
  4.0MB
- MD5
  
  10e235f705e6c29ca58a8cb0212f3af6
- SHA1
  
  d42295f64f9283af82458dd0df0b6d5788d66015
- SHA256
  
  298b3a0866301e3b240a01f3bbe5a7f819e2cac2caff8b051c2c1c814471d531
- SHA512
  
  68e15bb83ca75e45a5db02d9dc9c2954ad0fd1fd0808d92a8984995b9a192408f77950cd71bee7a6896252b8d738d3e6dc245f8ee4bf29b48e8ee3761e0e599b
- SSDEEP
  
  98304:EMEUNMAwSi8TA9tCAWu9sTPVt8HqhMgdXm2nGopXYjT3f3:ETUOAni8TAjCAWcUPVt8HtgdrpFYjTf
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy