Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f691229e74993af3004f7c6cb19a7251b20c2b594b626feeff5ee38ee26b64cd

  • Size

    4.2MB

  • Sample

    230202-zhk47aag2w

  • MD5

    de9be0a5ce8940d9300a8f487a823f03

  • SHA1

    0b3ea5a7ecbf2c6b7942a2f2bf51f2aaf2676653

  • SHA256

    f691229e74993af3004f7c6cb19a7251b20c2b594b626feeff5ee38ee26b64cd

  • SHA512

    168abacd222c3df5adaa080d50e1c7c5b64ed54721ece2cc4670b5af8703df4021546df7e3d782f518bb3aacc2652e9bd8c350a2773f5b961b17794a99f78afb

  • SSDEEP

    98304:6telLDUkO9sPk0KAhDY6LKk1S/Ej2gjwm5RFle7:++/UkRPTXLK4Rj2gkm5I7

Score
10/10
gluptebadiscoverydropperevasionloaderpersistence

Malware Config

Targets

    • Target

      f691229e74993af3004f7c6cb19a7251b20c2b594b626feeff5ee38ee26b64cd

    • Size

      4.2MB

    • MD5

      de9be0a5ce8940d9300a8f487a823f03

    • SHA1

      0b3ea5a7ecbf2c6b7942a2f2bf51f2aaf2676653

    • SHA256

      f691229e74993af3004f7c6cb19a7251b20c2b594b626feeff5ee38ee26b64cd

    • SHA512

      168abacd222c3df5adaa080d50e1c7c5b64ed54721ece2cc4670b5af8703df4021546df7e3d782f518bb3aacc2652e9bd8c350a2773f5b961b17794a99f78afb

    • SSDEEP

      98304:6telLDUkO9sPk0KAhDY6LKk1S/Ej2gjwm5RFle7:++/UkRPTXLK4Rj2gkm5I7

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistence

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks