Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e56d896fb047af5c9e7ed3c18b7e4d71341a918eb0441faa82214be9520c6c2b

  • Size

    4.0MB

  • Sample

    230220-vlmpzade4w

  • MD5

    97b814719edd1ffc431ed0d43f6e3e1e

  • SHA1

    61bde4a72187c2800f79d900924be519f5aa5059

  • SHA256

    e56d896fb047af5c9e7ed3c18b7e4d71341a918eb0441faa82214be9520c6c2b

  • SHA512

    c6701b486de46c1309f9fbbb8ee4c779c5ab1bf1de1a1118a1eae95fc1a0a8b1382acd76c57896fc8b8ded81bd11e470ca5ba3420638c3a3ccf21ab551b73d92

  • SSDEEP

    98304:7TMGIdgeNduUIpLIICrCMuQSL9oIEirQN9xZC:7TYGSotIJtuQw9oZir4C

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencerootkittrojan

Malware Config

Targets

    • Target

      e56d896fb047af5c9e7ed3c18b7e4d71341a918eb0441faa82214be9520c6c2b

    • Size

      4.0MB

    • MD5

      97b814719edd1ffc431ed0d43f6e3e1e

    • SHA1

      61bde4a72187c2800f79d900924be519f5aa5059

    • SHA256

      e56d896fb047af5c9e7ed3c18b7e4d71341a918eb0441faa82214be9520c6c2b

    • SHA512

      c6701b486de46c1309f9fbbb8ee4c779c5ab1bf1de1a1118a1eae95fc1a0a8b1382acd76c57896fc8b8ded81bd11e470ca5ba3420638c3a3ccf21ab551b73d92

    • SSDEEP

      98304:7TMGIdgeNduUIpLIICrCMuQSL9oIEirQN9xZC:7TYGSotIJtuQw9oZir4C

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistencerootkittrojan

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Windows security bypass

      evasiontrojan

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

      rootkitevasion
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks