Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f5080fc8269a3c8dd919e8d1dbd2ff9d6bc562c70c6429a01482236d5f29dc41

  • Size

    4.0MB

  • Sample

    230202-rdatnaee7s

  • MD5

    da9f8f49854878c38e95f93006bc7c19

  • SHA1

    8ae980378bd2c42a24f2a6b4be2f0695a97860d6

  • SHA256

    f5080fc8269a3c8dd919e8d1dbd2ff9d6bc562c70c6429a01482236d5f29dc41

  • SHA512

    357ff9810a8f66ebe301daf160072a5ea11a2e579b79d0a34d1b66106facb9b7e9cd045dcf4dd41dd6302e39c31c094438c2c447911504e2d274e65963a7835f

  • SSDEEP

    98304:/ReGuQ8kHOnYvSKhKNLwCErpijireyuBRmsazK:/0GemSkKNLFnj2wBcm

Score
10/10
gluptebadiscoverydropperevasionloaderpersistenceupx

Malware Config

Targets

    • Target

      f5080fc8269a3c8dd919e8d1dbd2ff9d6bc562c70c6429a01482236d5f29dc41

    • Size

      4.0MB

    • MD5

      da9f8f49854878c38e95f93006bc7c19

    • SHA1

      8ae980378bd2c42a24f2a6b4be2f0695a97860d6

    • SHA256

      f5080fc8269a3c8dd919e8d1dbd2ff9d6bc562c70c6429a01482236d5f29dc41

    • SHA512

      357ff9810a8f66ebe301daf160072a5ea11a2e579b79d0a34d1b66106facb9b7e9cd045dcf4dd41dd6302e39c31c094438c2c447911504e2d274e65963a7835f

    • SSDEEP

      98304:/ReGuQ8kHOnYvSKhKNLwCErpijireyuBRmsazK:/0GemSkKNLFnj2wBcm

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistenceupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks