glupteba | 269844c99a4b3ec6d4c4e49be70271f127686ae9b730db66c04980be6434b7e2 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

269844c99a4b3ec6d4c4e49be70271f127686ae9b730db66c04980be6434b7e2
Size

4.2MB
Sample

230530-jfjkksge2z
MD5

e0650311248894b4987c45c0f6a57104
SHA1

9adfa0f5b3a127ac4bb981e9fb9fb9686c5ad200
SHA256

269844c99a4b3ec6d4c4e49be70271f127686ae9b730db66c04980be6434b7e2
SHA512

c8eb5f06595a580f47aa4f1a83dcc6773ae763637b696ce83814a0caa406fc7e5cdce664b947f56a527d9f937d48b04b9a21dea0f25c1385408a8dd3b869620d
SSDEEP

98304:TXe0bprAwhcwVrUF5beiul/SJj7d7dB51dMwSi7uyu4U9CF:TX5UwmMqpGoj7B5rMwx7Y4U9c

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit

Static task

static1

Behavioral task

behavioral1

Sample

269844c99a4b3ec6d4c4e49be70271f127686ae9b730db66c04980be6434b7e2.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  269844c99a4b3ec6d4c4e49be70271f127686ae9b730db66c04980be6434b7e2
- Size
  
  4.2MB
- MD5
  
  e0650311248894b4987c45c0f6a57104
- SHA1
  
  9adfa0f5b3a127ac4bb981e9fb9fb9686c5ad200
- SHA256
  
  269844c99a4b3ec6d4c4e49be70271f127686ae9b730db66c04980be6434b7e2
- SHA512
  
  c8eb5f06595a580f47aa4f1a83dcc6773ae763637b696ce83814a0caa406fc7e5cdce664b947f56a527d9f937d48b04b9a21dea0f25c1385408a8dd3b869620d
- SSDEEP
  
  98304:TXe0bprAwhcwVrUF5beiul/SJj7d7dB51dMwSi7uyu4U9CF:TX5UwmMqpGoj7B5rMwx7Y4U9c
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkit

© 2018-2025

Terms | Privacy