glupteba | d69947553598757a053c45ff0b2c70250c61c9e626589a027880716fe31f4d3e | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

d69947553598757a053c45ff0b2c70250c61c9e626589a027880716fe31f4d3e
Size

4.0MB
Sample

230221-vecw7afe66
MD5

d3ac6778d53fd6a2713718b02e2f0ba2
SHA1

36b619e35b7b2c536136051d8a9977a13cd76ac4
SHA256

d69947553598757a053c45ff0b2c70250c61c9e626589a027880716fe31f4d3e
SHA512

65e4975dc987b3126dd23edd03fadb1db45d9f83b80a8c8883933752d9d535135c05ff870a60e12a69f07d67e1920422e03330252075004fa7c2413ac518d946
SSDEEP

98304:tfVSxIPdgd8feRQZUKSroRj6k6LDLp1LM6e:tfIxQ2ufeR//rXkIh1LM6e

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit

Static task

static1

Behavioral task

behavioral1

Sample

d69947553598757a053c45ff0b2c70250c61c9e626589a027880716fe31f4d3e.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  d69947553598757a053c45ff0b2c70250c61c9e626589a027880716fe31f4d3e
- Size
  
  4.0MB
- MD5
  
  d3ac6778d53fd6a2713718b02e2f0ba2
- SHA1
  
  36b619e35b7b2c536136051d8a9977a13cd76ac4
- SHA256
  
  d69947553598757a053c45ff0b2c70250c61c9e626589a027880716fe31f4d3e
- SHA512
  
  65e4975dc987b3126dd23edd03fadb1db45d9f83b80a8c8883933752d9d535135c05ff870a60e12a69f07d67e1920422e03330252075004fa7c2413ac518d946
- SSDEEP
  
  98304:tfVSxIPdgd8feRQZUKSroRj6k6LDLp1LM6e:tfIxQ2ufeR//rXkIh1LM6e
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkit

© 2018-2024

Terms | Privacy