glupteba | 24fb6170d2145271af60ce5caf2a04125b20dcd9cd044eb335dfe87a070ffb35 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

24fb6170d2145271af60ce5caf2a04125b20dcd9cd044eb335dfe87a070ffb35
Size

4.2MB
Sample

230525-wb1drabe77
MD5

ce8f031c55a75f11f6c30a9eb0f7d7e1
SHA1

16a531dc3aa5a03ee50d672266845cb6aff63163
SHA256

24fb6170d2145271af60ce5caf2a04125b20dcd9cd044eb335dfe87a070ffb35
SHA512

1577dc9b89fbfc929e2f34a890c2b3d0365f6af0849a8e257c59fa2cb720479f670c948c063d2730de3122c60958699491684ed69005918ef7d6d46c9939ac7d
SSDEEP

98304:KUkIuJia5m+at9Z+M88kWM8eIupC5WIkBFnybpad:cI3TZ+3J8ec5WNFngad

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit

Static task

static1

Behavioral task

behavioral1

Sample

24fb6170d2145271af60ce5caf2a04125b20dcd9cd044eb335dfe87a070ffb35.exe

Resource

win10v2004-20230221-en

glupteba discovery dropper evasion loader persistence rootkit

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  24fb6170d2145271af60ce5caf2a04125b20dcd9cd044eb335dfe87a070ffb35
- Size
  
  4.2MB
- MD5
  
  ce8f031c55a75f11f6c30a9eb0f7d7e1
- SHA1
  
  16a531dc3aa5a03ee50d672266845cb6aff63163
- SHA256
  
  24fb6170d2145271af60ce5caf2a04125b20dcd9cd044eb335dfe87a070ffb35
- SHA512
  
  1577dc9b89fbfc929e2f34a890c2b3d0365f6af0849a8e257c59fa2cb720479f670c948c063d2730de3122c60958699491684ed69005918ef7d6d46c9939ac7d
- SSDEEP
  
  98304:KUkIuJia5m+at9Z+M88kWM8eIupC5WIkBFnybpad:cI3TZ+3J8ec5WNFngad
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkit

© 2018-2025

Terms | Privacy