glupteba | fca2fc0f05ca0a74c761e19c46e5b788ddc2e10df6f8b28bfca071bc244cfafb | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

fca2fc0f05ca0a74c761e19c46e5b788ddc2e10df6f8b28bfca071bc244cfafb
Size

4.2MB
Sample

230607-mrtrgaac4t
MD5

aaceb72c8e831fd61fefbcc55f052b2f
SHA1

62f158b2b241671f138166ab26ad9316a27698a3
SHA256

fca2fc0f05ca0a74c761e19c46e5b788ddc2e10df6f8b28bfca071bc244cfafb
SHA512

3fd75ad45e852254c7a6b2685d262150ef82a76067d9f6cdb8a88514f8f8abbb947f3653ea30fdf07eec2779fa5009e7dc488c8d74e34f36e81c233dc319aeae
SSDEEP

98304:F7cjpnWTod4g2pxfbBxBg9mIiQMFSS/eeWh9:V4pnQn9xB8w/epD

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

fca2fc0f05ca0a74c761e19c46e5b788ddc2e10df6f8b28bfca071bc244cfafb.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  fca2fc0f05ca0a74c761e19c46e5b788ddc2e10df6f8b28bfca071bc244cfafb
- Size
  
  4.2MB
- MD5
  
  aaceb72c8e831fd61fefbcc55f052b2f
- SHA1
  
  62f158b2b241671f138166ab26ad9316a27698a3
- SHA256
  
  fca2fc0f05ca0a74c761e19c46e5b788ddc2e10df6f8b28bfca071bc244cfafb
- SHA512
  
  3fd75ad45e852254c7a6b2685d262150ef82a76067d9f6cdb8a88514f8f8abbb947f3653ea30fdf07eec2779fa5009e7dc488c8d74e34f36e81c233dc319aeae
- SSDEEP
  
  98304:F7cjpnWTod4g2pxfbBxBg9mIiQMFSS/eeWh9:V4pnQn9xB8w/epD
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy