Overview

overview

10

Static

static

1

5d4a9d5b6b...ec.exe

windows7-x64

10

5d4a9d5b6b...ec.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5d4a9d5b6b86dabdc9a755410b77318d05ef000cee6812a3ece63c7b426d02ec

  • Size

    4.2MB

  • Sample

    230506-113bvscg21

  • MD5

    9ce9e387752e13dd149c6188a00c7cfe

  • SHA1

    66e55b851ce39a6e5e86fdd25cecabaa5f917f92

  • SHA256

    5d4a9d5b6b86dabdc9a755410b77318d05ef000cee6812a3ece63c7b426d02ec

  • SHA512

    b6164921f1a7bc37054aadb92244ac0659f6db5e2639da1402ba5bece42056fbed7d8279708e85000f4fbd956316ff693cc094f69a15077be142b5f61c7e816a

  • SSDEEP

    98304:TSCUAjZ154PZGsgtV5AdQu6Z9g1OvCQplUG5vHAbiyhzECLO4+LGO04:TSCHz5KZGHt3AuhZygvLR5vg9OzB7

Score
10/10
gluptebaredlinediscoverydropperevasioninfostealerloaderpersistencerootkitstealertrojanupx

Malware Config

Targets

    • Target

      5d4a9d5b6b86dabdc9a755410b77318d05ef000cee6812a3ece63c7b426d02ec

    • Size

      4.2MB

    • MD5

      9ce9e387752e13dd149c6188a00c7cfe

    • SHA1

      66e55b851ce39a6e5e86fdd25cecabaa5f917f92

    • SHA256

      5d4a9d5b6b86dabdc9a755410b77318d05ef000cee6812a3ece63c7b426d02ec

    • SHA512

      b6164921f1a7bc37054aadb92244ac0659f6db5e2639da1402ba5bece42056fbed7d8279708e85000f4fbd956316ff693cc094f69a15077be142b5f61c7e816a

    • SSDEEP

      98304:TSCUAjZ154PZGsgtV5AdQu6Z9g1OvCQplUG5vHAbiyhzECLO4+LGO04:TSCHz5KZGHt3AuhZygvLR5vg9OzB7

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistencerootkittrojanredlineinfostealerstealerupx

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • Detects any file with a triage score of 10

      This file has been assigned a triage score of 10, indicating a high likelihood of malicious behavior.

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Windows security bypass

      evasiontrojan

    • Modifies boot configuration data using bcdedit

    • Drops file in Drivers directory

    • Modifies Windows Firewall

      evasion

    • Possible attempt to disable PatchGuard

      Rootkits can use kernel patching to embed themselves in an operating system.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Manipulates WinMon driver.

      Roottkits write to WinMon to hide PIDs from being detected.

      rootkitevasion

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

      rootkitevasion

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks