glupteba | 221f7a1936cab2179b7359d06c6b37952fb97648595ee8a72b409ef73385013f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

221f7a1936cab2179b7359d06c6b37952fb97648595ee8a72b409ef73385013f
Size

4.1MB
Sample

230202-q6gx1adc91
MD5

a8f59c9814b70f8ee0ca2c30c0112afb
SHA1

24f1618d466d601b3d0c7ab1b41411d100a0e3bd
SHA256

221f7a1936cab2179b7359d06c6b37952fb97648595ee8a72b409ef73385013f
SHA512

414b8138a08189a4e8552e5e52a36b005cd4dbdefffbb267568106080a857a5f8e502302f2a9dfaa111d701e521d3b09ca15457f4e8ecd483187feaedc9dd3d5
SSDEEP

98304:v8+tOgQNJoxnPTtSIZTCNfXKCvPF8rRb7pumT7qb7g:0+tcNJoRPT1ZTCldHWnpumTsg

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

221f7a1936cab2179b7359d06c6b37952fb97648595ee8a72b409ef73385013f.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  221f7a1936cab2179b7359d06c6b37952fb97648595ee8a72b409ef73385013f
- Size
  
  4.1MB
- MD5
  
  a8f59c9814b70f8ee0ca2c30c0112afb
- SHA1
  
  24f1618d466d601b3d0c7ab1b41411d100a0e3bd
- SHA256
  
  221f7a1936cab2179b7359d06c6b37952fb97648595ee8a72b409ef73385013f
- SHA512
  
  414b8138a08189a4e8552e5e52a36b005cd4dbdefffbb267568106080a857a5f8e502302f2a9dfaa111d701e521d3b09ca15457f4e8ecd483187feaedc9dd3d5
- SSDEEP
  
  98304:v8+tOgQNJoxnPTtSIZTCNfXKCvPF8rRb7pumT7qb7g:0+tcNJoRPT1ZTCldHWnpumTsg
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy