glupteba | e709f38bc65a81389eb0ec597a1fb2360497ad5238cd449cc78b1ea3d50df22b | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

e709f38bc65a81389eb0ec597a1fb2360497ad5238cd449cc78b1ea3d50df22b
Size

4.1MB
Sample

230328-mmhhmsad98
MD5

bcc4260381dfec08dfa2ab167427a16f
SHA1

82aa83afc8babb43094dd0cf13f9cdd8feef6e25
SHA256

e709f38bc65a81389eb0ec597a1fb2360497ad5238cd449cc78b1ea3d50df22b
SHA512

24e6fee82d2a2da24a82ae30de0947d76ec58404e1a3f1b00d16dda030507fd827909149861bed37c0dd0dc6d9b7c6666370c785af73a407473758015ff7db97
SSDEEP

98304:iBoegsbIG86j/mVlYg2sV/zOslj3tUCnDla4qTJ8i:iBoeg0Ifszg2sV/SM3jDla4qlx

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

e709f38bc65a81389eb0ec597a1fb2360497ad5238cd449cc78b1ea3d50df22b.exe

Resource

win10-20230220-en

glupteba discovery dropper evasion loader persistence rootkit trojan

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  e709f38bc65a81389eb0ec597a1fb2360497ad5238cd449cc78b1ea3d50df22b
- Size
  
  4.1MB
- MD5
  
  bcc4260381dfec08dfa2ab167427a16f
- SHA1
  
  82aa83afc8babb43094dd0cf13f9cdd8feef6e25
- SHA256
  
  e709f38bc65a81389eb0ec597a1fb2360497ad5238cd449cc78b1ea3d50df22b
- SHA512
  
  24e6fee82d2a2da24a82ae30de0947d76ec58404e1a3f1b00d16dda030507fd827909149861bed37c0dd0dc6d9b7c6666370c785af73a407473758015ff7db97
- SSDEEP
  
  98304:iBoegsbIG86j/mVlYg2sV/zOslj3tUCnDla4qTJ8i:iBoeg0Ifszg2sV/SM3jDla4qlx
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojan

© 2018-2024

Terms | Privacy