glupteba | 0c63257d1fd65449922a9a2835b9a8284e5c1da6495586f24ae86f2b8a3ff01a | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

0c63257d1fd65449922a9a2835b9a8284e5c1da6495586f24ae86f2b8a3ff01a
Size

4.1MB
Sample

230329-l75cgahd7v
MD5

d3ad3e4399e91fca86fe19c2a1b6bfbb
SHA1

8959d518f7b685439b8a6d4ba8556f176a1063e2
SHA256

0c63257d1fd65449922a9a2835b9a8284e5c1da6495586f24ae86f2b8a3ff01a
SHA512

83386faed8c4b442f769931c2dec42145c9a8a087b887ae44fb63db3c198be1a4e17ba59a8d1cca9584eba79ee0d4d2c5455d3e916725c6a9dc7eacfe3d249bd
SSDEEP

98304:dgDaCFb6F3+G/r+eLPqz9ttPc9cWMNfHla/sghWgL3zq1LwM1f:8aCl6FOG/r/Q5fdHl0sg5zzq1sM5

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

0c63257d1fd65449922a9a2835b9a8284e5c1da6495586f24ae86f2b8a3ff01a.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  0c63257d1fd65449922a9a2835b9a8284e5c1da6495586f24ae86f2b8a3ff01a
- Size
  
  4.1MB
- MD5
  
  d3ad3e4399e91fca86fe19c2a1b6bfbb
- SHA1
  
  8959d518f7b685439b8a6d4ba8556f176a1063e2
- SHA256
  
  0c63257d1fd65449922a9a2835b9a8284e5c1da6495586f24ae86f2b8a3ff01a
- SHA512
  
  83386faed8c4b442f769931c2dec42145c9a8a087b887ae44fb63db3c198be1a4e17ba59a8d1cca9584eba79ee0d4d2c5455d3e916725c6a9dc7eacfe3d249bd
- SSDEEP
  
  98304:dgDaCFb6F3+G/r+eLPqz9ttPc9cWMNfHla/sghWgL3zq1LwM1f:8aCl6FOG/r/Q5fdHl0sg5zzq1sM5
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy