glupteba | 6fcc7af98705b8817e4b4bf9e0a0e3e72e042e0e39d6db363fcf0de89821b213 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

6fcc7af98705b8817e4b4bf9e0a0e3e72e042e0e39d6db363fcf0de89821b213
Size

4.0MB
Sample

230203-xr4xjsda6z
MD5

ddf8e620f41a247d9e8fb7dcdc06edb5
SHA1

5db327c28b3c0bb990e0750197ae0bacf1dee564
SHA256

6fcc7af98705b8817e4b4bf9e0a0e3e72e042e0e39d6db363fcf0de89821b213
SHA512

516719f264b7cac0d5041c847073a5cdf45de61e5cff8c418f4229eccc4f78982606bb2f5934cc9398a01c8d840842f23abefd94d84a6bc9c7061dd217829c3b
SSDEEP

98304:OC7ev/9edV/oLryVXQefuunuXYxWKBsjAb02m59IO:V7g9eP/GefuummLejA7m5mO

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

6fcc7af98705b8817e4b4bf9e0a0e3e72e042e0e39d6db363fcf0de89821b213.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  6fcc7af98705b8817e4b4bf9e0a0e3e72e042e0e39d6db363fcf0de89821b213
- Size
  
  4.0MB
- MD5
  
  ddf8e620f41a247d9e8fb7dcdc06edb5
- SHA1
  
  5db327c28b3c0bb990e0750197ae0bacf1dee564
- SHA256
  
  6fcc7af98705b8817e4b4bf9e0a0e3e72e042e0e39d6db363fcf0de89821b213
- SHA512
  
  516719f264b7cac0d5041c847073a5cdf45de61e5cff8c418f4229eccc4f78982606bb2f5934cc9398a01c8d840842f23abefd94d84a6bc9c7061dd217829c3b
- SSDEEP
  
  98304:OC7ev/9edV/oLryVXQefuunuXYxWKBsjAb02m59IO:V7g9eP/GefuummLejA7m5mO
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy