glupteba | e9dd9d2168af907a8b9bbf33e3cdff309ef4aa1a13420cb28744f883f233a260 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

e9dd9d2168af907a8b9bbf33e3cdff309ef4aa1a13420cb28744f883f233a260
Size

4.2MB
Sample

230525-ya8d3scg3x
MD5

f41f9c84ef57697d47c1db9375337170
SHA1

5d8e04d26cfdec4edc3bc1fe0c655df28ec673e5
SHA256

e9dd9d2168af907a8b9bbf33e3cdff309ef4aa1a13420cb28744f883f233a260
SHA512

073df3e4389b87805184d9f6f9da10b224ff946f47ce4588cf033455f112f125cf41486b497259fa107f63ae5de2939f5d5a38f2494d4ff8de7352a46e231dba
SSDEEP

98304:7fotdft2Td4gQwaJkDKeyqBAQCzIbjpAhOcr++4XCgx:WdV29Qwq3RQSIbjLhggx

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

e9dd9d2168af907a8b9bbf33e3cdff309ef4aa1a13420cb28744f883f233a260.exe

Resource

win10-20230220-en

glupteba discovery dropper evasion loader persistence rootkit trojan

windows10-1703-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  e9dd9d2168af907a8b9bbf33e3cdff309ef4aa1a13420cb28744f883f233a260
- Size
  
  4.2MB
- MD5
  
  f41f9c84ef57697d47c1db9375337170
- SHA1
  
  5d8e04d26cfdec4edc3bc1fe0c655df28ec673e5
- SHA256
  
  e9dd9d2168af907a8b9bbf33e3cdff309ef4aa1a13420cb28744f883f233a260
- SHA512
  
  073df3e4389b87805184d9f6f9da10b224ff946f47ce4588cf033455f112f125cf41486b497259fa107f63ae5de2939f5d5a38f2494d4ff8de7352a46e231dba
- SSDEEP
  
  98304:7fotdft2Td4gQwaJkDKeyqBAQCzIbjpAhOcr++4XCgx:WdV29Qwq3RQSIbjLhggx
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojan

© 2018-2025

Terms | Privacy