glupteba | 3d297f496bf5a9f4b02631167e7446899f25bbede6af693fe6a917ce32b2c705 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

3d297f496bf5a9f4b02631167e7446899f25bbede6af693fe6a917ce32b2c705
Size

4.2MB
Sample

230607-a3lh1sgc23
MD5

1976f6b5b9f3b03415fbd82541d3a07a
SHA1

3c5333c8ae8eecbb81d7e69ee6f4e9d8a875124b
SHA256

3d297f496bf5a9f4b02631167e7446899f25bbede6af693fe6a917ce32b2c705
SHA512

22dc789595a2facf6970a7eabdf8749e37a75d21ac0b1ce341e556e39e6bd2076be60b22369efdabca456ee69f4195ef0ea9c4c58bf0f886446f69e1af4a2922
SSDEEP

98304:Ufj1qqJsKF48d0lq1tWEW7hhcbSAW+/YMXAe530ShV2WySKC:Y9a8dPCj3cbSm55002b/C

Score

10^/10

glupteba dropper evasion loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

3d297f496bf5a9f4b02631167e7446899f25bbede6af693fe6a917ce32b2c705.exe

Resource

win10-20230220-en

glupteba dropper evasion loader persistence trojan

windows10-1703-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  3d297f496bf5a9f4b02631167e7446899f25bbede6af693fe6a917ce32b2c705
- Size
  
  4.2MB
- MD5
  
  1976f6b5b9f3b03415fbd82541d3a07a
- SHA1
  
  3c5333c8ae8eecbb81d7e69ee6f4e9d8a875124b
- SHA256
  
  3d297f496bf5a9f4b02631167e7446899f25bbede6af693fe6a917ce32b2c705
- SHA512
  
  22dc789595a2facf6970a7eabdf8749e37a75d21ac0b1ce341e556e39e6bd2076be60b22369efdabca456ee69f4195ef0ea9c4c58bf0f886446f69e1af4a2922
- SSDEEP
  
  98304:Ufj1qqJsKF48d0lq1tWEW7hhcbSAW+/YMXAe530ShV2WySKC:Y9a8dPCj3cbSm55002b/C
Score

10^/10

glupteba dropper evasion loader persistence trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistencetrojan

© 2018-2024

Terms | Privacy