glupteba | 5dd7489e4d3402d4c9a042cc3b4740c68b98da7a60e5f4f5311fc6d8f7767345 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

5dd7489e4d3402d4c9a042cc3b4740c68b98da7a60e5f4f5311fc6d8f7767345
Size

4.1MB
Sample

230605-pycsmsgf57
MD5

c4a58cfdc8d3a60934e159a12182bcf0
SHA1

56bc9f7754667dc2a37528fa475bee7abcac6c33
SHA256

5dd7489e4d3402d4c9a042cc3b4740c68b98da7a60e5f4f5311fc6d8f7767345
SHA512

bfd2210721cf2a804e0a3794f45ec38d4e409424f793e2e0570b811fdd0de6d9aea04660607d15926e383fb946500c1d15312e1052f32f77aadaee9dd7961d4d
SSDEEP

98304:+E/Ca8bubb66TLoMLw1MshEKjhJEeBVxIXDMgHZblZXdPNmI0:86HsLGsSktBDKTnmN

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

5dd7489e4d3402d4c9a042cc3b4740c68b98da7a60e5f4f5311fc6d8f7767345.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  5dd7489e4d3402d4c9a042cc3b4740c68b98da7a60e5f4f5311fc6d8f7767345
- Size
  
  4.1MB
- MD5
  
  c4a58cfdc8d3a60934e159a12182bcf0
- SHA1
  
  56bc9f7754667dc2a37528fa475bee7abcac6c33
- SHA256
  
  5dd7489e4d3402d4c9a042cc3b4740c68b98da7a60e5f4f5311fc6d8f7767345
- SHA512
  
  bfd2210721cf2a804e0a3794f45ec38d4e409424f793e2e0570b811fdd0de6d9aea04660607d15926e383fb946500c1d15312e1052f32f77aadaee9dd7961d4d
- SSDEEP
  
  98304:+E/Ca8bubb66TLoMLw1MshEKjhJEeBVxIXDMgHZblZXdPNmI0:86HsLGsSktBDKTnmN
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2025

Terms | Privacy