Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    88215f2f55e9bedbac122a24ed701d9e0c4ba17a2847ff1e194adf6c4d654eef

  • Size

    4.1MB

  • Sample

    230204-r8agdagh7z

  • MD5

    1721a7f0f9f163e12636a88e260b1c78

  • SHA1

    93ec46a8ccbb742b5c289b48b783fcc6f4e08d1f

  • SHA256

    88215f2f55e9bedbac122a24ed701d9e0c4ba17a2847ff1e194adf6c4d654eef

  • SHA512

    ea7480d09203620a98d68175b3eb6ac534290e0403e2d2b73d88248b0dafd177e6520faaf3ffa73e477a6189e20e325f65b779898da3f04b936bfa2949226232

  • SSDEEP

    98304:ptdYso4BYknUKFgR+pvYrlykOf21dp0rBKp/lVWKpF:pDfj9nUcHel/H/pLnWKpF

Score
10/10
gluptebadiscoverydropperevasionloaderpersistenceupx

Malware Config

Targets

    • Target

      88215f2f55e9bedbac122a24ed701d9e0c4ba17a2847ff1e194adf6c4d654eef

    • Size

      4.1MB

    • MD5

      1721a7f0f9f163e12636a88e260b1c78

    • SHA1

      93ec46a8ccbb742b5c289b48b783fcc6f4e08d1f

    • SHA256

      88215f2f55e9bedbac122a24ed701d9e0c4ba17a2847ff1e194adf6c4d654eef

    • SHA512

      ea7480d09203620a98d68175b3eb6ac534290e0403e2d2b73d88248b0dafd177e6520faaf3ffa73e477a6189e20e325f65b779898da3f04b936bfa2949226232

    • SSDEEP

      98304:ptdYso4BYknUKFgR+pvYrlykOf21dp0rBKp/lVWKpF:pDfj9nUcHel/H/pLnWKpF

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistenceupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks