glupteba | 52e255c9de26b1612e6cf74521cb21f6615d1f65dc18530b2e4b5d150880bed9 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

52e255c9de26b1612e6cf74521cb21f6615d1f65dc18530b2e4b5d150880bed9
Size

4.1MB
Sample

230327-fxpalsdg9w
MD5

cb1f2073d79c82f789d51994c5e52844
SHA1

5086198b5b5567abe362f1a2690c0c593fb23aab
SHA256

52e255c9de26b1612e6cf74521cb21f6615d1f65dc18530b2e4b5d150880bed9
SHA512

723c82ea2f91b0ada430ebea1f51e07ed93c8496e00d8931e3ed1ddb602ac36d208c103febf0ed62aa0205c13508e0e21d35cb97ac1b9195bb39d2c256dd97a3
SSDEEP

98304:jD+y4IXZOqgU5JyE7PRbQEPNsEAJADBcdt5msG7q3W9WVlO:H5rJyfiVKRMBcNDG7q3W/

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit

Static task

static1

Behavioral task

behavioral1

Sample

52e255c9de26b1612e6cf74521cb21f6615d1f65dc18530b2e4b5d150880bed9.exe

Resource

win10v2004-20230221-en

glupteba discovery dropper evasion loader persistence rootkit

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  52e255c9de26b1612e6cf74521cb21f6615d1f65dc18530b2e4b5d150880bed9
- Size
  
  4.1MB
- MD5
  
  cb1f2073d79c82f789d51994c5e52844
- SHA1
  
  5086198b5b5567abe362f1a2690c0c593fb23aab
- SHA256
  
  52e255c9de26b1612e6cf74521cb21f6615d1f65dc18530b2e4b5d150880bed9
- SHA512
  
  723c82ea2f91b0ada430ebea1f51e07ed93c8496e00d8931e3ed1ddb602ac36d208c103febf0ed62aa0205c13508e0e21d35cb97ac1b9195bb39d2c256dd97a3
- SSDEEP
  
  98304:jD+y4IXZOqgU5JyE7PRbQEPNsEAJADBcdt5msG7q3W9WVlO:H5rJyfiVKRMBcNDG7q3W/
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkit

© 2018-2024

Terms | Privacy