glupteba | dd8b33404210c45e8bbc47b625cddb26fcc67dc6fbbdfef9ba773fd95d840dca | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

dd8b33404210c45e8bbc47b625cddb26fcc67dc6fbbdfef9ba773fd95d840dca
Size

4.1MB
Sample

230327-1fnmzafd46
MD5

3d732483a45627df58f7f18cee1764bb
SHA1

d17471e28a047725b15f367cd5d127b1b9347f4f
SHA256

dd8b33404210c45e8bbc47b625cddb26fcc67dc6fbbdfef9ba773fd95d840dca
SHA512

973f16eb46a4e12cb987adf4277309b81e2aebcc9de00f2551e9a22ca3ce7d90a7bbea423c2608d7930a349514f111356f89d4305b3d5d1aceddc5e01c51d5dc
SSDEEP

98304:hsga/db54hpOTZGP3wo0ZMln15HTLEPxA/IhAljsmJ:hsga/1gj04zaA/IoX

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit

Static task

static1

Behavioral task

behavioral1

Sample

dd8b33404210c45e8bbc47b625cddb26fcc67dc6fbbdfef9ba773fd95d840dca.exe

Resource

win10v2004-20230221-en

glupteba discovery dropper evasion loader persistence rootkit

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  dd8b33404210c45e8bbc47b625cddb26fcc67dc6fbbdfef9ba773fd95d840dca
- Size
  
  4.1MB
- MD5
  
  3d732483a45627df58f7f18cee1764bb
- SHA1
  
  d17471e28a047725b15f367cd5d127b1b9347f4f
- SHA256
  
  dd8b33404210c45e8bbc47b625cddb26fcc67dc6fbbdfef9ba773fd95d840dca
- SHA512
  
  973f16eb46a4e12cb987adf4277309b81e2aebcc9de00f2551e9a22ca3ce7d90a7bbea423c2608d7930a349514f111356f89d4305b3d5d1aceddc5e01c51d5dc
- SSDEEP
  
  98304:hsga/db54hpOTZGP3wo0ZMln15HTLEPxA/IhAljsmJ:hsga/1gj04zaA/IoX
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkit

© 2018-2024

Terms | Privacy