glupteba | 4b23d5fef10196d4762dace6e7156cb52e743788f96541f3d609dbed204219f6 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

4b23d5fef10196d4762dace6e7156cb52e743788f96541f3d609dbed204219f6
Size

4.0MB
Sample

230220-t5lfksbf32
MD5

78848d53017748f91b761cb78ccd1928
SHA1

af9a014474101cb63658f48ab8108ed9985b9fc5
SHA256

4b23d5fef10196d4762dace6e7156cb52e743788f96541f3d609dbed204219f6
SHA512

26939ac6c74af1d569d830335cce023c681ed435dd2c602f280513b535f80159c05a23c45032df69b1577ff7cbc3a72a7447077e866d7637ec2c7a81efecf34e
SSDEEP

98304:WMl1bCfev7JhW3xrkcITFff9vNIhakZJD/2+uwX74GlB:jjW3pkhFfFsakZJDuiL4GT

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

4b23d5fef10196d4762dace6e7156cb52e743788f96541f3d609dbed204219f6.exe

Resource

win10-20220812-en

glupteba discovery dropper evasion loader persistence rootkit trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  4b23d5fef10196d4762dace6e7156cb52e743788f96541f3d609dbed204219f6
- Size
  
  4.0MB
- MD5
  
  78848d53017748f91b761cb78ccd1928
- SHA1
  
  af9a014474101cb63658f48ab8108ed9985b9fc5
- SHA256
  
  4b23d5fef10196d4762dace6e7156cb52e743788f96541f3d609dbed204219f6
- SHA512
  
  26939ac6c74af1d569d830335cce023c681ed435dd2c602f280513b535f80159c05a23c45032df69b1577ff7cbc3a72a7447077e866d7637ec2c7a81efecf34e
- SSDEEP
  
  98304:WMl1bCfev7JhW3xrkcITFff9vNIhakZJD/2+uwX74GlB:jjW3pkhFfFsakZJDuiL4GT
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojan

© 2018-2024

Terms | Privacy