Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    df818880a47e17f4b98337d737d45d54f38580eb35670230cd33f03c8288cd6a

  • Size

    4.1MB

  • Sample

    230205-madnxscd6w

  • MD5

    2dae2051d484e38b632bdb465f7f37ab

  • SHA1

    e5b4c664b862162410bec22c013073fb4c88d5ef

  • SHA256

    df818880a47e17f4b98337d737d45d54f38580eb35670230cd33f03c8288cd6a

  • SHA512

    6d9a8ce30d7091892b8332eb7abdedfa6920b5297f2f0bec9166123dfac0aafd94ad50d037d5effede0293cd02329e9b484678d682710a3bf6276741e874edee

  • SSDEEP

    98304:wKkFVqJRUD4yKVxLziwc8rm7PLVR0gw3MaW3jkHpIr5+O+RY:wKdXUD4F1mw5rMADFW3jkjlm

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencetrojan

Malware Config

Targets

    • Target

      df818880a47e17f4b98337d737d45d54f38580eb35670230cd33f03c8288cd6a

    • Size

      4.1MB

    • MD5

      2dae2051d484e38b632bdb465f7f37ab

    • SHA1

      e5b4c664b862162410bec22c013073fb4c88d5ef

    • SHA256

      df818880a47e17f4b98337d737d45d54f38580eb35670230cd33f03c8288cd6a

    • SHA512

      6d9a8ce30d7091892b8332eb7abdedfa6920b5297f2f0bec9166123dfac0aafd94ad50d037d5effede0293cd02329e9b484678d682710a3bf6276741e874edee

    • SSDEEP

      98304:wKkFVqJRUD4yKVxLziwc8rm7PLVR0gw3MaW3jkHpIr5+O+RY:wKdXUD4F1mw5rMADFW3jkjlm

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistencetrojan

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Windows security bypass

      evasiontrojan

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks