glupteba | 3e87b7dda93ee02678a9c1dd39bbd3b0d56c96c60952a1d6c3390374d35c7c21 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

3e87b7dda93ee02678a9c1dd39bbd3b0d56c96c60952a1d6c3390374d35c7c21
Size

4.1MB
Sample

230127-y246qsed5x
MD5

5e995dec2c74d50812aceea4de782f51
SHA1

128710317ac7b528030236488b529fe8063a6e8a
SHA256

3e87b7dda93ee02678a9c1dd39bbd3b0d56c96c60952a1d6c3390374d35c7c21
SHA512

fc4db5c1a1db19990e6e169f546651f53ef85e9cfa1d0b386a34501299bc7f06b8df6db59cf95df3d49c687f7f89c37772cc11fc52c3e070efa89d40037ec8cd
SSDEEP

98304:hRw5XPUe62fG7d7Rik3k6ckpmwz5Om7s4kk4cXF15DFwPVf:hR076J7ddik3Vjv44Z4cX75Ef

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

3e87b7dda93ee02678a9c1dd39bbd3b0d56c96c60952a1d6c3390374d35c7c21.exe

Resource

win10v2004-20221111-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  3e87b7dda93ee02678a9c1dd39bbd3b0d56c96c60952a1d6c3390374d35c7c21
- Size
  
  4.1MB
- MD5
  
  5e995dec2c74d50812aceea4de782f51
- SHA1
  
  128710317ac7b528030236488b529fe8063a6e8a
- SHA256
  
  3e87b7dda93ee02678a9c1dd39bbd3b0d56c96c60952a1d6c3390374d35c7c21
- SHA512
  
  fc4db5c1a1db19990e6e169f546651f53ef85e9cfa1d0b386a34501299bc7f06b8df6db59cf95df3d49c687f7f89c37772cc11fc52c3e070efa89d40037ec8cd
- SSDEEP
  
  98304:hRw5XPUe62fG7d7Rik3k6ckpmwz5Om7s4kk4cXF15DFwPVf:hR076J7ddik3Vjv44Z4cX75Ef
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy