glupteba | 1d21ebce42c833727a0e703253fc7eb8d6beccac631331de1e82eaab12736417 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

1d21ebce42c833727a0e703253fc7eb8d6beccac631331de1e82eaab12736417
Size

4.1MB
Sample

230424-b97v9sag6s
MD5

908cd6e3927523029448e8634cb6cb78
SHA1

a20a1e643b2ad91a8a63e3d47ebd61880e60187d
SHA256

1d21ebce42c833727a0e703253fc7eb8d6beccac631331de1e82eaab12736417
SHA512

9f50e17a8904837558b0482414b5030d7db42828b226a1decd37b660e60d36415b929a53b6dc2ecbd0efe5c47ffefe261588d7b59157f38518204caa7f0fc101
SSDEEP

98304:b4mETPB0qGT6jDIgg1bLYAsrrH0J1Afxb:b32jl0bLm0J6fxb

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

1d21ebce42c833727a0e703253fc7eb8d6beccac631331de1e82eaab12736417.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  1d21ebce42c833727a0e703253fc7eb8d6beccac631331de1e82eaab12736417
- Size
  
  4.1MB
- MD5
  
  908cd6e3927523029448e8634cb6cb78
- SHA1
  
  a20a1e643b2ad91a8a63e3d47ebd61880e60187d
- SHA256
  
  1d21ebce42c833727a0e703253fc7eb8d6beccac631331de1e82eaab12736417
- SHA512
  
  9f50e17a8904837558b0482414b5030d7db42828b226a1decd37b660e60d36415b929a53b6dc2ecbd0efe5c47ffefe261588d7b59157f38518204caa7f0fc101
- SSDEEP
  
  98304:b4mETPB0qGT6jDIgg1bLYAsrrH0J1Afxb:b32jl0bLm0J6fxb
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2025

Terms | Privacy