glupteba | 4d8bcd082c5eaf60ce1f6813a5fadf294965a28002d7e3b4b02db07290cdd4e8 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

4d8bcd082c5eaf60ce1f6813a5fadf294965a28002d7e3b4b02db07290cdd4e8
Size

4.1MB
Sample

230328-y7qkjaeh6z
MD5

fe223a86eb4295a843ac8f3d2d93be91
SHA1

7c719ba559a33b5d23eaf116aa21b50d67fc8c58
SHA256

4d8bcd082c5eaf60ce1f6813a5fadf294965a28002d7e3b4b02db07290cdd4e8
SHA512

83f30dd2bad2f485be8ceef5caad54b9729661a3aba9e8fe901a90d3dfdc0cf5ce016bb57b1d1556ed6ef436ed5cf75307745ceda5d358e6ea45a873f87e6abd
SSDEEP

98304:1gllZtUzyXaTUcZNWhxCJtdbhiVLOMs9LZsG/IJsSDtGFik:1g5iH4cZyxCJIEgGCswEik

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

4d8bcd082c5eaf60ce1f6813a5fadf294965a28002d7e3b4b02db07290cdd4e8.exe

Resource

win10v2004-20230221-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  4d8bcd082c5eaf60ce1f6813a5fadf294965a28002d7e3b4b02db07290cdd4e8
- Size
  
  4.1MB
- MD5
  
  fe223a86eb4295a843ac8f3d2d93be91
- SHA1
  
  7c719ba559a33b5d23eaf116aa21b50d67fc8c58
- SHA256
  
  4d8bcd082c5eaf60ce1f6813a5fadf294965a28002d7e3b4b02db07290cdd4e8
- SHA512
  
  83f30dd2bad2f485be8ceef5caad54b9729661a3aba9e8fe901a90d3dfdc0cf5ce016bb57b1d1556ed6ef436ed5cf75307745ceda5d358e6ea45a873f87e6abd
- SSDEEP
  
  98304:1gllZtUzyXaTUcZNWhxCJtdbhiVLOMs9LZsG/IJsSDtGFik:1g5iH4cZyxCJIEgGCswEik
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy