glupteba | abd630954a6e7256d54fc7e64fd17f5bac97dbcf73b9f131f92edab19076b553 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

abd630954a6e7256d54fc7e64fd17f5bac97dbcf73b9f131f92edab19076b553
Size

4.0MB
Sample

230221-mv1n7agd4v
MD5

9d39777a22c1da64fab574493fffcec8
SHA1

4e7cec4defcc30ac55c29f53ccd32d66e7c0bf92
SHA256

abd630954a6e7256d54fc7e64fd17f5bac97dbcf73b9f131f92edab19076b553
SHA512

a305f38a2d2b9b7e92678c954d3872b176a1aae6dbe74fc24e100188231c2c85cf734016395120c2f4366352cbcd7db60b4f2e9fbec8a7fdf2b62dceeb0fd952
SSDEEP

98304:427d+Bg5T7I7Guy6DronwhprKUG0DGFovT6+h:7d+BmZuTF+926Y

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

abd630954a6e7256d54fc7e64fd17f5bac97dbcf73b9f131f92edab19076b553.exe

Resource

win10-20230220-en

glupteba discovery dropper evasion loader persistence rootkit trojan

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  abd630954a6e7256d54fc7e64fd17f5bac97dbcf73b9f131f92edab19076b553
- Size
  
  4.0MB
- MD5
  
  9d39777a22c1da64fab574493fffcec8
- SHA1
  
  4e7cec4defcc30ac55c29f53ccd32d66e7c0bf92
- SHA256
  
  abd630954a6e7256d54fc7e64fd17f5bac97dbcf73b9f131f92edab19076b553
- SHA512
  
  a305f38a2d2b9b7e92678c954d3872b176a1aae6dbe74fc24e100188231c2c85cf734016395120c2f4366352cbcd7db60b4f2e9fbec8a7fdf2b62dceeb0fd952
- SSDEEP
  
  98304:427d+Bg5T7I7Guy6DronwhprKUG0DGFovT6+h:7d+BmZuTF+926Y
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojan

© 2018-2024

Terms | Privacy