glupteba | a39ef10aa1314462d43d64352fac6ee69f5aa5a7a9ac6438753f065d52acd14c | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

a39ef10aa1314462d43d64352fac6ee69f5aa5a7a9ac6438753f065d52acd14c
Size

4.1MB
Sample

230325-11vxsage9t
MD5

42fc788c2f786fefa1f3140b90c122e7
SHA1

f3f090730757f2c4170f36ebcd6f77f3d07aeaa1
SHA256

a39ef10aa1314462d43d64352fac6ee69f5aa5a7a9ac6438753f065d52acd14c
SHA512

a12628fbabc420c8c761f39915c8c5021bde05c441363a5334a662f6f4ca15f713dd4059afc2acda5bbc3f96341499bb80a42f6a29ba72e179e604680e7d3ee5
SSDEEP

98304:kFng4kWf5poWL25Runw1R8jHNLlC24QMGK/OCDJwd7/AG8/T:7y7oWL25UnwojVlCpTV2CDyd7IH

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

a39ef10aa1314462d43d64352fac6ee69f5aa5a7a9ac6438753f065d52acd14c.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  a39ef10aa1314462d43d64352fac6ee69f5aa5a7a9ac6438753f065d52acd14c
- Size
  
  4.1MB
- MD5
  
  42fc788c2f786fefa1f3140b90c122e7
- SHA1
  
  f3f090730757f2c4170f36ebcd6f77f3d07aeaa1
- SHA256
  
  a39ef10aa1314462d43d64352fac6ee69f5aa5a7a9ac6438753f065d52acd14c
- SHA512
  
  a12628fbabc420c8c761f39915c8c5021bde05c441363a5334a662f6f4ca15f713dd4059afc2acda5bbc3f96341499bb80a42f6a29ba72e179e604680e7d3ee5
- SSDEEP
  
  98304:kFng4kWf5poWL25Runw1R8jHNLlC24QMGK/OCDJwd7/AG8/T:7y7oWL25UnwojVlCpTV2CDyd7IH
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy