glupteba | 0dbd1b8b552891820f828c6fde407681ba0a9266f2efb13618781cc4d200a1a8 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

0dbd1b8b552891820f828c6fde407681ba0a9266f2efb13618781cc4d200a1a8
Size

4.2MB
Sample

230519-pnx1tsgf4y
MD5

b814131afaaa3f714b06fc9024f483ce
SHA1

634139893dd6d0f584feb59ffecdba38d05f28ea
SHA256

0dbd1b8b552891820f828c6fde407681ba0a9266f2efb13618781cc4d200a1a8
SHA512

14099df1b0ac96a13bbe0dd8f9db9fe05a23c8c9da6019dc7901a0596c12c1db61e7dd3d644e4c30d79b97ff7cb31666e920a7ca9fb065ef0c93c9b3a285dfcd
SSDEEP

98304:2a4F3mqZiCT0pXfU9wuVwIwCd1KRCOeH+D7QQBRcks/FjrnfF:2a4F3m8B0pXfU9FtwmSI+D7QQ/INjp

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

0dbd1b8b552891820f828c6fde407681ba0a9266f2efb13618781cc4d200a1a8.exe

Resource

win10-20230220-en

glupteba discovery dropper evasion loader persistence rootkit trojan upx

windows10-1703-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  0dbd1b8b552891820f828c6fde407681ba0a9266f2efb13618781cc4d200a1a8
- Size
  
  4.2MB
- MD5
  
  b814131afaaa3f714b06fc9024f483ce
- SHA1
  
  634139893dd6d0f584feb59ffecdba38d05f28ea
- SHA256
  
  0dbd1b8b552891820f828c6fde407681ba0a9266f2efb13618781cc4d200a1a8
- SHA512
  
  14099df1b0ac96a13bbe0dd8f9db9fe05a23c8c9da6019dc7901a0596c12c1db61e7dd3d644e4c30d79b97ff7cb31666e920a7ca9fb065ef0c93c9b3a285dfcd
- SSDEEP
  
  98304:2a4F3mqZiCT0pXfU9wuVwIwCd1KRCOeH+D7QQBRcks/FjrnfF:2a4F3m8B0pXfU9FtwmSI+D7QQ/INjp
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojanupx

© 2018-2025

Terms | Privacy