glupteba | 8718b54d8e879b0be887d44b790aa4f5d9f18065feb0ffe4856cd464dbe33712 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

8718b54d8e879b0be887d44b790aa4f5d9f18065feb0ffe4856cd464dbe33712
Size

4.1MB
Sample

230329-jptf5sfc99
MD5

ae1dfc36ed70ca13d4aa9113e5befe4b
SHA1

6590a131356a5f2754569527ea6d897debcf93a8
SHA256

8718b54d8e879b0be887d44b790aa4f5d9f18065feb0ffe4856cd464dbe33712
SHA512

495d152b0e45a2b3f80903582217070227f4b4a471fb5d0a4d8ea8ad33a44b76355f6b82e82b2c1d965fe84348f1496c9b1f370f87b481c5c9f755d7684f86e5
SSDEEP

98304:fW4FkGrzhLMOTvhVFfVuonqfevvibb7iZVbmcTXxyf92/lWz/H:fnFkG/pMmZzNuLfeY7ybHE2u

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit

Static task

static1

Behavioral task

behavioral1

Sample

8718b54d8e879b0be887d44b790aa4f5d9f18065feb0ffe4856cd464dbe33712.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  8718b54d8e879b0be887d44b790aa4f5d9f18065feb0ffe4856cd464dbe33712
- Size
  
  4.1MB
- MD5
  
  ae1dfc36ed70ca13d4aa9113e5befe4b
- SHA1
  
  6590a131356a5f2754569527ea6d897debcf93a8
- SHA256
  
  8718b54d8e879b0be887d44b790aa4f5d9f18065feb0ffe4856cd464dbe33712
- SHA512
  
  495d152b0e45a2b3f80903582217070227f4b4a471fb5d0a4d8ea8ad33a44b76355f6b82e82b2c1d965fe84348f1496c9b1f370f87b481c5c9f755d7684f86e5
- SSDEEP
  
  98304:fW4FkGrzhLMOTvhVFfVuonqfevvibb7iZVbmcTXxyf92/lWz/H:fnFkG/pMmZzNuLfeY7ybHE2u
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkit

© 2018-2024

Terms | Privacy