glupteba | ee9d80b969d5cace92256a6fd0310160bb0c7933cbd0779559c0cb1cfba85ee1 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

ee9d80b969d5cace92256a6fd0310160bb0c7933cbd0779559c0cb1cfba85ee1
Size

4.1MB
Sample

230325-2d5ddagf5z
MD5

2968f9135feb61ca93211ef031c24552
SHA1

8005744262f756645a4095150c6c6bf98a907593
SHA256

ee9d80b969d5cace92256a6fd0310160bb0c7933cbd0779559c0cb1cfba85ee1
SHA512

9b10f683e9cb088e5eda9ac68db330db5828c8a67dae7b1e8f8b7161cccdbff9a3cf3a113a0c075335d9f4be695053c900cd30b22660ff1c4677a2e58a5255c3
SSDEEP

98304:tPj+LIsgp57UjynWiqJRcTpmJQWxujNhSZRaDxnw:ALYJU2UqAJQWxujSCxnw

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

ee9d80b969d5cace92256a6fd0310160bb0c7933cbd0779559c0cb1cfba85ee1.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  ee9d80b969d5cace92256a6fd0310160bb0c7933cbd0779559c0cb1cfba85ee1
- Size
  
  4.1MB
- MD5
  
  2968f9135feb61ca93211ef031c24552
- SHA1
  
  8005744262f756645a4095150c6c6bf98a907593
- SHA256
  
  ee9d80b969d5cace92256a6fd0310160bb0c7933cbd0779559c0cb1cfba85ee1
- SHA512
  
  9b10f683e9cb088e5eda9ac68db330db5828c8a67dae7b1e8f8b7161cccdbff9a3cf3a113a0c075335d9f4be695053c900cd30b22660ff1c4677a2e58a5255c3
- SSDEEP
  
  98304:tPj+LIsgp57UjynWiqJRcTpmJQWxujNhSZRaDxnw:ALYJU2UqAJQWxujSCxnw
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy