glupteba | 722d7de9954ed5725bf852e693177e4d93df77798c6f8005034100d4944dfadb | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

722d7de9954ed5725bf852e693177e4d93df77798c6f8005034100d4944dfadb
Size

4.0MB
Sample

230203-xzst9ade3z
MD5

0b1ba52e80b9a31fe02acca96d47d132
SHA1

f81d88e07d12c6c1d0745a049a32da8e7ff5b940
SHA256

722d7de9954ed5725bf852e693177e4d93df77798c6f8005034100d4944dfadb
SHA512

eaf2f00076554e070822ded7679bfeb26c489f515cb114aaf26cd83a71b388090c0e7d754a4bf826ab2b6bcc7d1605ff34203e9c8cfa7037446018c8540ba290
SSDEEP

98304:OC7ev/9edV/oLryVXQefuunuXYxWKBsjAb02m59I2:V7g9eP/GefuummLejA7m5m2

Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

722d7de9954ed5725bf852e693177e4d93df77798c6f8005034100d4944dfadb.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence trojan upx

windows10-1703-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  722d7de9954ed5725bf852e693177e4d93df77798c6f8005034100d4944dfadb
- Size
  
  4.0MB
- MD5
  
  0b1ba52e80b9a31fe02acca96d47d132
- SHA1
  
  f81d88e07d12c6c1d0745a049a32da8e7ff5b940
- SHA256
  
  722d7de9954ed5725bf852e693177e4d93df77798c6f8005034100d4944dfadb
- SHA512
  
  eaf2f00076554e070822ded7679bfeb26c489f515cb114aaf26cd83a71b388090c0e7d754a4bf826ab2b6bcc7d1605ff34203e9c8cfa7037446018c8540ba290
- SSDEEP
  
  98304:OC7ev/9edV/oLryVXQefuunuXYxWKBsjAb02m59I2:V7g9eP/GefuummLejA7m5m2
Score

10^/10

glupteba discovery dropper evasion loader persistence trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy