glupteba | 2f9f480a60b6d163730f9c7042f66e2420673380ff1820ed2107c9db8e9f47e5 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

2f9f480a60b6d163730f9c7042f66e2420673380ff1820ed2107c9db8e9f47e5
Size

4.1MB
Sample

230325-v551nafg7s
MD5

9f006e9f3bf1f6b32dcb4a971bc3b38a
SHA1

ed4b85a4bce28b111ad1b7646b4ebf629397134f
SHA256

2f9f480a60b6d163730f9c7042f66e2420673380ff1820ed2107c9db8e9f47e5
SHA512

88e453f46e0a388902565534834d431e625980eea3825949354c0cb51252d6d9c295458bff8fe02351a399d20e73261f91f9111ba7050d2eae2ca2d52f88f70c
SSDEEP

49152:FKkIMxnuypBavOAiJ3mY9kICEwg6HRoKJsCHrTt0mc+fdW9q9mpwjxou+8OBkqi4:4zM5uyav0VmY9MsKc+fckmmjxouXOP

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

2f9f480a60b6d163730f9c7042f66e2420673380ff1820ed2107c9db8e9f47e5.exe

Resource

win10v2004-20230221-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  2f9f480a60b6d163730f9c7042f66e2420673380ff1820ed2107c9db8e9f47e5
- Size
  
  4.1MB
- MD5
  
  9f006e9f3bf1f6b32dcb4a971bc3b38a
- SHA1
  
  ed4b85a4bce28b111ad1b7646b4ebf629397134f
- SHA256
  
  2f9f480a60b6d163730f9c7042f66e2420673380ff1820ed2107c9db8e9f47e5
- SHA512
  
  88e453f46e0a388902565534834d431e625980eea3825949354c0cb51252d6d9c295458bff8fe02351a399d20e73261f91f9111ba7050d2eae2ca2d52f88f70c
- SSDEEP
  
  49152:FKkIMxnuypBavOAiJ3mY9kICEwg6HRoKJsCHrTt0mc+fdW9q9mpwjxou+8OBkqi4:4zM5uyav0VmY9MsKc+fckmmjxouXOP
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy