glupteba | 022dd5d20d4c1aa0b58e7613cd90c4f264e563d1f89ce8af25615eb84cf8532c | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

022dd5d20d4c1aa0b58e7613cd90c4f264e563d1f89ce8af25615eb84cf8532c
Size

4.1MB
Sample

230328-3p2x3afe9x
MD5

9d3cd832ea266b0bff21095d7e160b74
SHA1

c915953aeebc68289e697edf3592178f868ea388
SHA256

022dd5d20d4c1aa0b58e7613cd90c4f264e563d1f89ce8af25615eb84cf8532c
SHA512

e14dbe0c2379e1593351564ac9a776035133560e676c077af2f2aa5f7fc52e7578c872047ff8b7a3fdc76b216e8af719308d43e337ef99cf993569799b9c970e
SSDEEP

98304:m7VssOaMQzxlQbp5jBumi+C/se4siECzaN6Vgd:CnVZmid/seb+aN6Vgd

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

022dd5d20d4c1aa0b58e7613cd90c4f264e563d1f89ce8af25615eb84cf8532c.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  022dd5d20d4c1aa0b58e7613cd90c4f264e563d1f89ce8af25615eb84cf8532c
- Size
  
  4.1MB
- MD5
  
  9d3cd832ea266b0bff21095d7e160b74
- SHA1
  
  c915953aeebc68289e697edf3592178f868ea388
- SHA256
  
  022dd5d20d4c1aa0b58e7613cd90c4f264e563d1f89ce8af25615eb84cf8532c
- SHA512
  
  e14dbe0c2379e1593351564ac9a776035133560e676c077af2f2aa5f7fc52e7578c872047ff8b7a3fdc76b216e8af719308d43e337ef99cf993569799b9c970e
- SSDEEP
  
  98304:m7VssOaMQzxlQbp5jBumi+C/se4siECzaN6Vgd:CnVZmid/seb+aN6Vgd
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy