glupteba | fae4e7bd1a144277c1b2f94519aa6be1c537ff3b209ed796fbf10798b72ae6a1 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

fae4e7bd1a144277c1b2f94519aa6be1c537ff3b209ed796fbf10798b72ae6a1
Size

4.2MB
Sample

230531-s6f2tafh33
MD5

b97afa26bc3f9d821339d00b6eda2c86
SHA1

959c033bb835bb2f12094fda9af62dc3764c86f4
SHA256

fae4e7bd1a144277c1b2f94519aa6be1c537ff3b209ed796fbf10798b72ae6a1
SHA512

623ae5f512e45f1020f96fc777c00611aa9f1e160584be60812b179682a790dc7c6eb865e1c849d39d17c52a9095539d315a4698e28eb574b119b2e0c0f6cbf6
SSDEEP

98304:kH03IFz9SJKWskdkHeJcAc3WmyHmfZo5ZNptDbD:u03IFpHWGHeJcAYho5vD

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

fae4e7bd1a144277c1b2f94519aa6be1c537ff3b209ed796fbf10798b72ae6a1.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  fae4e7bd1a144277c1b2f94519aa6be1c537ff3b209ed796fbf10798b72ae6a1
- Size
  
  4.2MB
- MD5
  
  b97afa26bc3f9d821339d00b6eda2c86
- SHA1
  
  959c033bb835bb2f12094fda9af62dc3764c86f4
- SHA256
  
  fae4e7bd1a144277c1b2f94519aa6be1c537ff3b209ed796fbf10798b72ae6a1
- SHA512
  
  623ae5f512e45f1020f96fc777c00611aa9f1e160584be60812b179682a790dc7c6eb865e1c849d39d17c52a9095539d315a4698e28eb574b119b2e0c0f6cbf6
- SSDEEP
  
  98304:kH03IFz9SJKWskdkHeJcAc3WmyHmfZo5ZNptDbD:u03IFpHWGHeJcAYho5vD
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2025

Terms | Privacy