glupteba | 3f079a3dbc0b7d31e4661fb831d54515f753b42a95be4b1700ba39435aedd5ab | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

3f079a3dbc0b7d31e4661fb831d54515f753b42a95be4b1700ba39435aedd5ab
Size

4.1MB
Sample

230306-dy6j6sae64
MD5

45a2554096d9911cb4b013ba32a964ae
SHA1

c4b619fdaf45aeb00ece99a8cd8bd9bf4447b0cd
SHA256

3f079a3dbc0b7d31e4661fb831d54515f753b42a95be4b1700ba39435aedd5ab
SHA512

51f6f09755d7ea9273a05c0df1a5826351f8da98bab9495ff86976b55f50616ad894eca62d03b7a3cc1c5ddf200655d1debc8319de5db92b66eb22eb31590261
SSDEEP

98304:0up7KjK3lTJ6HI3exhqBhQ+FTMutyHnBrAE6rdOK:rmK3ljQ6FTMuiBrX6BD

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

3f079a3dbc0b7d31e4661fb831d54515f753b42a95be4b1700ba39435aedd5ab.exe

Resource

win10-20230220-en

glupteba discovery dropper evasion loader persistence rootkit trojan upx

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  3f079a3dbc0b7d31e4661fb831d54515f753b42a95be4b1700ba39435aedd5ab
- Size
  
  4.1MB
- MD5
  
  45a2554096d9911cb4b013ba32a964ae
- SHA1
  
  c4b619fdaf45aeb00ece99a8cd8bd9bf4447b0cd
- SHA256
  
  3f079a3dbc0b7d31e4661fb831d54515f753b42a95be4b1700ba39435aedd5ab
- SHA512
  
  51f6f09755d7ea9273a05c0df1a5826351f8da98bab9495ff86976b55f50616ad894eca62d03b7a3cc1c5ddf200655d1debc8319de5db92b66eb22eb31590261
- SSDEEP
  
  98304:0up7KjK3lTJ6HI3exhqBhQ+FTMutyHnBrAE6rdOK:rmK3ljQ6FTMuiBrX6BD
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojanupx

© 2018-2025

Terms | Privacy