Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    12fdf18aebacadb20d3b4b0c6ecdfc14271f88469f580ecd1a1ff32e43ff49da

  • Size

    4.2MB

  • Sample

    230508-le3ceabg4w

  • MD5

    8920d9a95664acb9af990c6580105ac0

  • SHA1

    441cee271e215a789644e622e56045a95b3c3076

  • SHA256

    12fdf18aebacadb20d3b4b0c6ecdfc14271f88469f580ecd1a1ff32e43ff49da

  • SHA512

    723fbb38ccdd7dbdefcf83d4ea040b4a7dd414d919e7f90ff2ccd59c7242f4f2693b24fe3b9912769ae0492568334546bf623361100195ba0dc8083ad7887b5a

  • SSDEEP

    98304:ghuF4N4OSPMwE6Ysp9bOcDBMOe0Kqye0KXTMWqfOUXfM09Kmmy29fktB:n+4zp/KcDXdOe0gTMWyE09g9KB

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencerootkitupx

Malware Config

Targets

    • Target

      12fdf18aebacadb20d3b4b0c6ecdfc14271f88469f580ecd1a1ff32e43ff49da

    • Size

      4.2MB

    • MD5

      8920d9a95664acb9af990c6580105ac0

    • SHA1

      441cee271e215a789644e622e56045a95b3c3076

    • SHA256

      12fdf18aebacadb20d3b4b0c6ecdfc14271f88469f580ecd1a1ff32e43ff49da

    • SHA512

      723fbb38ccdd7dbdefcf83d4ea040b4a7dd414d919e7f90ff2ccd59c7242f4f2693b24fe3b9912769ae0492568334546bf623361100195ba0dc8083ad7887b5a

    • SSDEEP

      98304:ghuF4N4OSPMwE6Ysp9bOcDBMOe0Kqye0KXTMWqfOUXfM09Kmmy29fktB:n+4zp/KcDXdOe0gTMWyE09g9KB

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistencerootkitupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

      rootkitevasion

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks