glupteba | 7fc9762b88c67839031f5eaa6a8998b11ddfb29818b4e8f57ef49943ebe98a25 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

7fc9762b88c67839031f5eaa6a8998b11ddfb29818b4e8f57ef49943ebe98a25
Size

4.1MB
Sample

230201-zvfegacb86
MD5

3bc0a894dc99352751812af09471b4d8
SHA1

064182d9f96de1b090ac7a38962305e6573aa611
SHA256

7fc9762b88c67839031f5eaa6a8998b11ddfb29818b4e8f57ef49943ebe98a25
SHA512

4dca9b828871e081852ba4026bad3ac3e21f7e176121280f889b1fb1e31bcdf40e495745a803fcbd00dc0cd5deaa734cfa8b02260e0c46cf76d1eb954330411b
SSDEEP

98304:tLKvZMtw66uUIzMQ5HHHNvZG+1RKlGdq2UNT2uF5gk:t+6cJIzMQ5HHHJX7dqn6uF5gk

Score

10^/10

glupteba discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

7fc9762b88c67839031f5eaa6a8998b11ddfb29818b4e8f57ef49943ebe98a25.exe

Resource

win10v2004-20221111-en

glupteba discovery dropper evasion loader persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  7fc9762b88c67839031f5eaa6a8998b11ddfb29818b4e8f57ef49943ebe98a25
- Size
  
  4.1MB
- MD5
  
  3bc0a894dc99352751812af09471b4d8
- SHA1
  
  064182d9f96de1b090ac7a38962305e6573aa611
- SHA256
  
  7fc9762b88c67839031f5eaa6a8998b11ddfb29818b4e8f57ef49943ebe98a25
- SHA512
  
  4dca9b828871e081852ba4026bad3ac3e21f7e176121280f889b1fb1e31bcdf40e495745a803fcbd00dc0cd5deaa734cfa8b02260e0c46cf76d1eb954330411b
- SSDEEP
  
  98304:tLKvZMtw66uUIzMQ5HHHNvZG+1RKlGdq2UNT2uF5gk:t+6cJIzMQ5HHHJX7dqn6uF5gk
Score

10^/10

glupteba discovery dropper evasion loader persistence upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy