glupteba | f35ec939499bfc8296a868d3f82e86fc4c25cc509cf7a1390b98532f2ebc8e45 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

f35ec939499bfc8296a868d3f82e86fc4c25cc509cf7a1390b98532f2ebc8e45
Size

4.1MB
Sample

230601-1kj6cagf64
MD5

e63255cea0c74ccfd64c54b145f7d3cf
SHA1

c49fd9435fcdfdff14ce0a56e326a60da7b51b29
SHA256

f35ec939499bfc8296a868d3f82e86fc4c25cc509cf7a1390b98532f2ebc8e45
SHA512

ed624ab60f3367323151ac43545670e94d20ae034ceb5b89c0e67040113b3a68acdd496e77593a4cb77c4065e0d09a3438e9725ca54c7ab5a9ee76c8b0ef916b
SSDEEP

98304:3gLdhsi0TqxAQdsKeDMyEyO9pr9sybY5DGTj4zpVYvQ/GBdant:QRSqxAQDB7pG7GT0aWft

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

f35ec939499bfc8296a868d3f82e86fc4c25cc509cf7a1390b98532f2ebc8e45.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  f35ec939499bfc8296a868d3f82e86fc4c25cc509cf7a1390b98532f2ebc8e45
- Size
  
  4.1MB
- MD5
  
  e63255cea0c74ccfd64c54b145f7d3cf
- SHA1
  
  c49fd9435fcdfdff14ce0a56e326a60da7b51b29
- SHA256
  
  f35ec939499bfc8296a868d3f82e86fc4c25cc509cf7a1390b98532f2ebc8e45
- SHA512
  
  ed624ab60f3367323151ac43545670e94d20ae034ceb5b89c0e67040113b3a68acdd496e77593a4cb77c4065e0d09a3438e9725ca54c7ab5a9ee76c8b0ef916b
- SSDEEP
  
  98304:3gLdhsi0TqxAQdsKeDMyEyO9pr9sybY5DGTj4zpVYvQ/GBdant:QRSqxAQDB7pG7GT0aWft
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2025

Terms | Privacy