glupteba | 583fb588f03896b4685e6664eb293a095f85f208f3e3c01612266dc349a8dac6 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

583fb588f03896b4685e6664eb293a095f85f208f3e3c01612266dc349a8dac6
Size

4.0MB
Sample

230221-f9w6zsdg66
MD5

ff6417557a0f91c21fc9b6ebe8fae7b8
SHA1

b5d8a649047be11bce1f7d5248713efb0120c0bc
SHA256

583fb588f03896b4685e6664eb293a095f85f208f3e3c01612266dc349a8dac6
SHA512

f1d16baad18a2e6aaa3e3330b7e6ff0a5472e09c6b11ee34a80a141eabc8e7dc5e9566dbae83883d97836f820a31b7f6998493be5bb3b31c2e4dc5c0063c3b0a
SSDEEP

98304:PX6VzPNrYPjUsmpLnNBadKuqW0H1oJ3LVUSXJeAjvUn6:PXQTSapLNBsKuwuJ3pPXkUn

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit

Static task

static1

Behavioral task

behavioral1

Sample

583fb588f03896b4685e6664eb293a095f85f208f3e3c01612266dc349a8dac6.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  583fb588f03896b4685e6664eb293a095f85f208f3e3c01612266dc349a8dac6
- Size
  
  4.0MB
- MD5
  
  ff6417557a0f91c21fc9b6ebe8fae7b8
- SHA1
  
  b5d8a649047be11bce1f7d5248713efb0120c0bc
- SHA256
  
  583fb588f03896b4685e6664eb293a095f85f208f3e3c01612266dc349a8dac6
- SHA512
  
  f1d16baad18a2e6aaa3e3330b7e6ff0a5472e09c6b11ee34a80a141eabc8e7dc5e9566dbae83883d97836f820a31b7f6998493be5bb3b31c2e4dc5c0063c3b0a
- SSDEEP
  
  98304:PX6VzPNrYPjUsmpLnNBadKuqW0H1oJ3LVUSXJeAjvUn6:PXQTSapLNBsKuwuJ3pPXkUn
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkit

© 2018-2024

Terms | Privacy