glupteba | 6c1e81a07a4632b4c5b4c31348fc963be338a27c1e87c84696efcecfe1ed5e85 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

6c1e81a07a4632b4c5b4c31348fc963be338a27c1e87c84696efcecfe1ed5e85
Size

4.2MB
Sample

230508-sj92dabc49
MD5

3be8360037dc47ef8f0f26f4c3809935
SHA1

a8aa94f5398de2c1e9574f982c5d8fe954db3ad9
SHA256

6c1e81a07a4632b4c5b4c31348fc963be338a27c1e87c84696efcecfe1ed5e85
SHA512

265cc83e3247a0d6dc2d779e95ab2c5ac1f0883c5695f6930b91d8aa2b3a4ef650fb57291243b4cd6680c3bb7ccf396a8bb0767a44d652a12e821358e97dbdfc
SSDEEP

98304:oPCmUuJQS4x6SyIk/EW2FdIlo6CrO01A2SsBnh+TljYyHpJapIyzYf:nxmmFd1bhSsB6eyJUI0Yf

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit

Static task

static1

Behavioral task

behavioral1

Sample

6c1e81a07a4632b4c5b4c31348fc963be338a27c1e87c84696efcecfe1ed5e85.exe

Resource

win10v2004-20230221-en

glupteba discovery dropper evasion loader persistence rootkit

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  6c1e81a07a4632b4c5b4c31348fc963be338a27c1e87c84696efcecfe1ed5e85
- Size
  
  4.2MB
- MD5
  
  3be8360037dc47ef8f0f26f4c3809935
- SHA1
  
  a8aa94f5398de2c1e9574f982c5d8fe954db3ad9
- SHA256
  
  6c1e81a07a4632b4c5b4c31348fc963be338a27c1e87c84696efcecfe1ed5e85
- SHA512
  
  265cc83e3247a0d6dc2d779e95ab2c5ac1f0883c5695f6930b91d8aa2b3a4ef650fb57291243b4cd6680c3bb7ccf396a8bb0767a44d652a12e821358e97dbdfc
- SSDEEP
  
  98304:oPCmUuJQS4x6SyIk/EW2FdIlo6CrO01A2SsBnh+TljYyHpJapIyzYf:nxmmFd1bhSsB6eyJUI0Yf
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkit

© 2018-2025

Terms | Privacy