glupteba | 37ac5f80121b6b234842a920c78d135eff3f383e69b99deed400701a399705a1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

37ac5f80121b6b234842a920c78d135eff3f383e69b99deed400701a399705a1
Size

4.1MB
Sample

230606-qxdh8aed7x
MD5

70123d18cf70b3e8ad0f6417b091afb8
SHA1

855f57e602f011d1503c8602c20d696db5e26c72
SHA256

37ac5f80121b6b234842a920c78d135eff3f383e69b99deed400701a399705a1
SHA512

6a9b8f5494a663091f33fe0906c98315ee6841640259d79ee7fe3c5188e13c026fd971caf05db16dca7a76de0162bad1520b672e0ca8b72aa7bbaa8caaf819f3
SSDEEP

98304:F9YZmHRTuRTE0X9P5knHeOdPmhq8BW/X97z/WtPuuznvFw:FcmHF0dhkH5tGMn+G4nvG

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

37ac5f80121b6b234842a920c78d135eff3f383e69b99deed400701a399705a1.exe

Resource

win10-20230220-en

glupteba discovery dropper evasion loader persistence rootkit trojan upx

windows10-1703-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  37ac5f80121b6b234842a920c78d135eff3f383e69b99deed400701a399705a1
- Size
  
  4.1MB
- MD5
  
  70123d18cf70b3e8ad0f6417b091afb8
- SHA1
  
  855f57e602f011d1503c8602c20d696db5e26c72
- SHA256
  
  37ac5f80121b6b234842a920c78d135eff3f383e69b99deed400701a399705a1
- SHA512
  
  6a9b8f5494a663091f33fe0906c98315ee6841640259d79ee7fe3c5188e13c026fd971caf05db16dca7a76de0162bad1520b672e0ca8b72aa7bbaa8caaf819f3
- SSDEEP
  
  98304:F9YZmHRTuRTE0X9P5knHeOdPmhq8BW/X97z/WtPuuznvFw:FcmHF0dhkH5tGMn+G4nvG
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojanupx

© 2018-2025

Terms | Privacy