Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    32b8911221679f9a2ca9d74665da658a0bcff4c6e04df5820de76c22b6a46d69

  • Size

    4.1MB

  • Sample

    230203-j7r12agd9s

  • MD5

    18eef82bb7f8c44dbb2544df3f4500b1

  • SHA1

    ab375e69a1425caa705d3b81f74359dd29324c54

  • SHA256

    32b8911221679f9a2ca9d74665da658a0bcff4c6e04df5820de76c22b6a46d69

  • SHA512

    91daaab952fd1e6cbe643f414162e0b0e6fc2704ebb44ba9b876e38d44b9b702a8293c54caee23403d0adf950ac11f6c7bc68dfbe9f3565ce39296d168d20dd2

  • SSDEEP

    98304:716yO65OGQAlOoza46CaI2OlcIYFRLJI22LXXTAgqo:7UL6lmZDIOIYFRLJOnUI

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencetrojan

Malware Config

Targets

    • Target

      32b8911221679f9a2ca9d74665da658a0bcff4c6e04df5820de76c22b6a46d69

    • Size

      4.1MB

    • MD5

      18eef82bb7f8c44dbb2544df3f4500b1

    • SHA1

      ab375e69a1425caa705d3b81f74359dd29324c54

    • SHA256

      32b8911221679f9a2ca9d74665da658a0bcff4c6e04df5820de76c22b6a46d69

    • SHA512

      91daaab952fd1e6cbe643f414162e0b0e6fc2704ebb44ba9b876e38d44b9b702a8293c54caee23403d0adf950ac11f6c7bc68dfbe9f3565ce39296d168d20dd2

    • SSDEEP

      98304:716yO65OGQAlOoza46CaI2OlcIYFRLJI22LXXTAgqo:7UL6lmZDIOIYFRLJOnUI

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistencetrojan

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Windows security bypass

      evasiontrojan

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks