Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9243ad693344cd5e5b67291db12db80f3de5ca444efa1f8c1449a3b9ebd4647b

  • Size

    4.1MB

  • Sample

    230127-xejqvaea3z

  • MD5

    6eebf7de9b90cff193398ef2dd73a50a

  • SHA1

    bc54d2bf18d814a5837fd71072d6920d91eb5b0b

  • SHA256

    9243ad693344cd5e5b67291db12db80f3de5ca444efa1f8c1449a3b9ebd4647b

  • SHA512

    14554d1e3d1f2d962046c123d81f0914882be39896dba6e8d82d5294b1f764ce5096979e716400e0cf30c8ec1c42a03ba4487ca76a9bf44e054eada2f1aa56b7

  • SSDEEP

    98304:10QD8sObirSmNLEfjSxtdC0ds7HP+smP8BIO7dQVMhR14GuYxVS4GW:WOWmNL8jSxReGsmPSQmhFHP

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencetrojan

Malware Config

Targets

    • Target

      9243ad693344cd5e5b67291db12db80f3de5ca444efa1f8c1449a3b9ebd4647b

    • Size

      4.1MB

    • MD5

      6eebf7de9b90cff193398ef2dd73a50a

    • SHA1

      bc54d2bf18d814a5837fd71072d6920d91eb5b0b

    • SHA256

      9243ad693344cd5e5b67291db12db80f3de5ca444efa1f8c1449a3b9ebd4647b

    • SHA512

      14554d1e3d1f2d962046c123d81f0914882be39896dba6e8d82d5294b1f764ce5096979e716400e0cf30c8ec1c42a03ba4487ca76a9bf44e054eada2f1aa56b7

    • SSDEEP

      98304:10QD8sObirSmNLEfjSxtdC0ds7HP+smP8BIO7dQVMhR14GuYxVS4GW:WOWmNL8jSxReGsmPSQmhFHP

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistencetrojan

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks