glupteba | a9d7793620418cb43e434a69b47310d76ae13d5036e30479e4bc1b6f522ec2de | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

a9d7793620418cb43e434a69b47310d76ae13d5036e30479e4bc1b6f522ec2de
Size

4.1MB
Sample

230131-m34e2shg9x
MD5

a74832e21e306d533ae1dc526afe3a81
SHA1

a2515a0d75a11a111c83b25476faccccbfebd577
SHA256

a9d7793620418cb43e434a69b47310d76ae13d5036e30479e4bc1b6f522ec2de
SHA512

b765d0975d34a68979c384f90962c5e8e2d4ab2098251c06f49bc3c267f7fa117ae4ef8e8949bcaeef116ed34a4b9b566dc8446dc6368870855cec2dcbfe2e5a
SSDEEP

98304:+DRa9t52alR+zGMAoLvfaiYMIKqODq2EVBfHX0VJ3VKrlSPNB1rpWSzT:+NAkab+zl1vfj1dbEVpEzlqSz1L

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

a9d7793620418cb43e434a69b47310d76ae13d5036e30479e4bc1b6f522ec2de.exe

Resource

win10v2004-20221111-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  a9d7793620418cb43e434a69b47310d76ae13d5036e30479e4bc1b6f522ec2de
- Size
  
  4.1MB
- MD5
  
  a74832e21e306d533ae1dc526afe3a81
- SHA1
  
  a2515a0d75a11a111c83b25476faccccbfebd577
- SHA256
  
  a9d7793620418cb43e434a69b47310d76ae13d5036e30479e4bc1b6f522ec2de
- SHA512
  
  b765d0975d34a68979c384f90962c5e8e2d4ab2098251c06f49bc3c267f7fa117ae4ef8e8949bcaeef116ed34a4b9b566dc8446dc6368870855cec2dcbfe2e5a
- SSDEEP
  
  98304:+DRa9t52alR+zGMAoLvfaiYMIKqODq2EVBfHX0VJ3VKrlSPNB1rpWSzT:+NAkab+zl1vfj1dbEVpEzlqSz1L
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy