glupteba | fd3da27e65a1a213f0f9b4cd8ad6697173170aad8be9318a0f2f07c88ba463dd | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

fd3da27e65a1a213f0f9b4cd8ad6697173170aad8be9318a0f2f07c88ba463dd
Size

4.0MB
Sample

230221-vktrwshe4y
MD5

f50e60cc80cce290205a7b55ca4d5e84
SHA1

b574cf84c6fab4737cfb06efdfffdebc9d23591e
SHA256

fd3da27e65a1a213f0f9b4cd8ad6697173170aad8be9318a0f2f07c88ba463dd
SHA512

f3b1ff500c31b2872e4d8bbf13cda075bba2a37e8124122f5202ea25889ef339d37018f4920cbf3c55f82df40127845c31caf6e22f473142acf1db70a0d80d2a
SSDEEP

98304:krwFQ7rbj38ljcSEC+VwnOxOrpk6M4Edwf:krwFQ3GcSAVgOxkOSf

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit

Static task

static1

Behavioral task

behavioral1

Sample

fd3da27e65a1a213f0f9b4cd8ad6697173170aad8be9318a0f2f07c88ba463dd.exe

Resource

win10v2004-20230221-en

glupteba discovery dropper evasion loader persistence rootkit

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  fd3da27e65a1a213f0f9b4cd8ad6697173170aad8be9318a0f2f07c88ba463dd
- Size
  
  4.0MB
- MD5
  
  f50e60cc80cce290205a7b55ca4d5e84
- SHA1
  
  b574cf84c6fab4737cfb06efdfffdebc9d23591e
- SHA256
  
  fd3da27e65a1a213f0f9b4cd8ad6697173170aad8be9318a0f2f07c88ba463dd
- SHA512
  
  f3b1ff500c31b2872e4d8bbf13cda075bba2a37e8124122f5202ea25889ef339d37018f4920cbf3c55f82df40127845c31caf6e22f473142acf1db70a0d80d2a
- SSDEEP
  
  98304:krwFQ7rbj38ljcSEC+VwnOxOrpk6M4Edwf:krwFQ3GcSAVgOxkOSf
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkit

© 2018-2024

Terms | Privacy