glupteba | f3edae379d1bcd3c9a61b57904b8c12c6d5c20c7e70e099afba620c9d7cba158 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

f3edae379d1bcd3c9a61b57904b8c12c6d5c20c7e70e099afba620c9d7cba158
Size

4.1MB
Sample

230131-zcx7kaac72
MD5

c05b97286ff837534731f8b6146311fe
SHA1

0a40d3cd32790948ae523339b2c9351d909fc78b
SHA256

f3edae379d1bcd3c9a61b57904b8c12c6d5c20c7e70e099afba620c9d7cba158
SHA512

58183a83cfc06083ed631a40511dea6dea5ff6206fbc31c56a316828bd55868d2ed67cf48e18aca64366455cc224cf72a6967622ca1d642f0f34060f76075118
SSDEEP

98304:40GP4TOarwWUQlPxYjIYoNuaXzNeEGaHLoxfgoz:pGP4TOarwlQl5Yj7aXzNeEGKoFd

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

f3edae379d1bcd3c9a61b57904b8c12c6d5c20c7e70e099afba620c9d7cba158.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  f3edae379d1bcd3c9a61b57904b8c12c6d5c20c7e70e099afba620c9d7cba158
- Size
  
  4.1MB
- MD5
  
  c05b97286ff837534731f8b6146311fe
- SHA1
  
  0a40d3cd32790948ae523339b2c9351d909fc78b
- SHA256
  
  f3edae379d1bcd3c9a61b57904b8c12c6d5c20c7e70e099afba620c9d7cba158
- SHA512
  
  58183a83cfc06083ed631a40511dea6dea5ff6206fbc31c56a316828bd55868d2ed67cf48e18aca64366455cc224cf72a6967622ca1d642f0f34060f76075118
- SSDEEP
  
  98304:40GP4TOarwWUQlPxYjIYoNuaXzNeEGaHLoxfgoz:pGP4TOarwlQl5Yj7aXzNeEGKoFd
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy