glupteba | e195a3f86c683a169a8957b0c7b5753be92a3d15054965372416a78957c71d11 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

e195a3f86c683a169a8957b0c7b5753be92a3d15054965372416a78957c71d11
Size

4.2MB
Sample

230509-p5aa4ahg8x
MD5

4001a5f90ce6d981e533599ef6db0b0b
SHA1

7b682640b40176880f225c3e336064432ac34eaa
SHA256

e195a3f86c683a169a8957b0c7b5753be92a3d15054965372416a78957c71d11
SHA512

485ddd46e14a8e9bb47e12e39144db77524977c24d73f00c773edb8fa4c6fc8b8c7c1c3b6c8e0b27fda6ed9d637af0ef3d2d7b8d7b7b19ad6dd7d98205cba8ed
SSDEEP

98304:JkaTEaGo2ns1iQCCbUKMTl2/5MXDOk0ymOMEG5JwRQLq05s98QXl:vTE/s1QCbUF2/gbmVj/LqgQ1

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit

Static task

static1

Behavioral task

behavioral1

Sample

e195a3f86c683a169a8957b0c7b5753be92a3d15054965372416a78957c71d11.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  e195a3f86c683a169a8957b0c7b5753be92a3d15054965372416a78957c71d11
- Size
  
  4.2MB
- MD5
  
  4001a5f90ce6d981e533599ef6db0b0b
- SHA1
  
  7b682640b40176880f225c3e336064432ac34eaa
- SHA256
  
  e195a3f86c683a169a8957b0c7b5753be92a3d15054965372416a78957c71d11
- SHA512
  
  485ddd46e14a8e9bb47e12e39144db77524977c24d73f00c773edb8fa4c6fc8b8c7c1c3b6c8e0b27fda6ed9d637af0ef3d2d7b8d7b7b19ad6dd7d98205cba8ed
- SSDEEP
  
  98304:JkaTEaGo2ns1iQCCbUKMTl2/5MXDOk0ymOMEG5JwRQLq05s98QXl:vTE/s1QCbUF2/gbmVj/LqgQ1
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkit

© 2018-2025

Terms | Privacy