Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3dafbbc3ae120a443723eb65c878648830a3e60ab3aa8de7c4a6f3edf14e421a

  • Size

    4.1MB

  • Sample

    230128-vpqk2afd58

  • MD5

    a778f7836f33468337f140242c58f646

  • SHA1

    d217a4913a71dc2f29bee6655b7da19a2cf080d5

  • SHA256

    3dafbbc3ae120a443723eb65c878648830a3e60ab3aa8de7c4a6f3edf14e421a

  • SHA512

    562d53064dfc6ea4f537c047e64b706fdb0689f5f5f4905e1ff1ff22ccb7ac5218af5dad3d9cbaee89692f6715c84698d1ca60011d9f7a2e8ebdf43ff1a01c2d

  • SSDEEP

    98304:SOqXoLnq2a4kzk80+Jgz05f0n5vgckPLYUCi3dhMgyJVieN9MZIehaGh6EFur6XD:S5Xinq3JIYJ40y5vVkPLNoVieN9MZPI4

Score
10/10
gluptebadiscoverydropperevasionloaderpersistence

Malware Config

Targets

    • Target

      3dafbbc3ae120a443723eb65c878648830a3e60ab3aa8de7c4a6f3edf14e421a

    • Size

      4.1MB

    • MD5

      a778f7836f33468337f140242c58f646

    • SHA1

      d217a4913a71dc2f29bee6655b7da19a2cf080d5

    • SHA256

      3dafbbc3ae120a443723eb65c878648830a3e60ab3aa8de7c4a6f3edf14e421a

    • SHA512

      562d53064dfc6ea4f537c047e64b706fdb0689f5f5f4905e1ff1ff22ccb7ac5218af5dad3d9cbaee89692f6715c84698d1ca60011d9f7a2e8ebdf43ff1a01c2d

    • SSDEEP

      98304:SOqXoLnq2a4kzk80+Jgz05f0n5vgckPLYUCi3dhMgyJVieN9MZIehaGh6EFur6XD:S5Xinq3JIYJ40y5vVkPLNoVieN9MZPI4

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistence

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks